Re: [DNSOP] Status of "let localhost be localhost"?

Ted Lemon <mellon@fugue.com> Wed, 02 August 2017 12:48 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47A1A131CD7 for <dnsop@ietfa.amsl.com>; Wed, 2 Aug 2017 05:48:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7q3Qp8d-WYUH for <dnsop@ietfa.amsl.com>; Wed, 2 Aug 2017 05:48:28 -0700 (PDT)
Received: from mail-qt0-x22a.google.com (mail-qt0-x22a.google.com [IPv6:2607:f8b0:400d:c0d::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD037132070 for <dnsop@ietf.org>; Wed, 2 Aug 2017 05:48:28 -0700 (PDT)
Received: by mail-qt0-x22a.google.com with SMTP id v29so26048591qtv.3 for <dnsop@ietf.org>; Wed, 02 Aug 2017 05:48:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=Z4nZrf59xhkcvSkFMGNYVVauCdZuJQ0pNTRKZF36Te4=; b=rqhcN2FEZ9Lz5cwPuQCnUTlj7xLAKC3w6hYpYQX/fcnabHTyy+fIgCqFPc3sg38nBj xzdIPMdQfULpeXGG0cv6sPBQnAuvNFD+QUXSWWjt/BQMB1hGCQH/uJlcAz7JneztKAAU 8ODWc61nA0GIIup6F6jFUU9gTI4C45NDWBJVavIvVs9lw7zc/VdSbMNEQRkSPu2hLgsa xzmCTsXM1HjvJ0ddOO4uLPSabXtifH4UdJOwNshFYOLdUmiAMhH9hKtyg93xjtSCl1q7 pBJh5+qF9W4G7Zmll1yqfEDwFLY3f3ZyitB0OOVV5n9jYmGIftHKlHEg16QZ07/fZsy9 kzkQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=Z4nZrf59xhkcvSkFMGNYVVauCdZuJQ0pNTRKZF36Te4=; b=ZIbUDWZAjTks6iKY1HrXE/MiEEnSk0k6xkFCsWimrI4bsdSWNOyxTUPPEravwVcQ3O 19ZsfuZHUALvQO/i/52R5ROK1xXUplS0s0QOsDI3DayvCn1vIAVDgJOiQyFUjHChxLmL RMq513m7TAlepD8/Nfnq5WIazQ2CpwcEEMdSnDpi6HS2VD0C+HWhQSWSOLBpd7+sBUQh djlzZ8iYZQoOko+6m8jBE1vHDz7dH5RXVvwEw2wsTKpc7/y9lYVKGanRzIU0iYijFc6O hmq5BQ87g4o64JUeWazHSmXiz8LdtthAR0kHokW55rRfLw9g9GXy/CXyNZzPhGAIEp6p 5NFQ==
X-Gm-Message-State: AIVw1125BRHL6yjb1qI129WmM00W01ddkQYDalwVBFpuPJYwjYmS2yHc 5ugpY+Hn4qjdSQUs3aaNGw==
X-Received: by 10.237.43.134 with SMTP id e6mr23463004qtd.125.1501678107654; Wed, 02 Aug 2017 05:48:27 -0700 (PDT)
Received: from [10.0.30.153] (c-73-167-64-188.hsd1.nh.comcast.net. [73.167.64.188]) by smtp.gmail.com with ESMTPSA id s32sm15432589qth.71.2017.08.02.05.48.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 02 Aug 2017 05:48:26 -0700 (PDT)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <6B25B24C-4C80-4A04-BF27-2306F4A77EF6@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_9A199776-7AAA-4E81-BE0D-F3CAB6CA2C39"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Wed, 2 Aug 2017 08:48:24 -0400
In-Reply-To: <CAL02cgRg6k7=b7berKr9J+9aL8PTS81nJ_yXQO8QTYqgiqXSbg@mail.gmail.com>
Cc: william manning <chinese.apricot@gmail.com>, dnsop <dnsop@ietf.org>, Jacob Hoffman-Andrews <jsha@eff.org>
To: Richard Barnes <rlb@ipv.sx>
References: <05e469cf-1325-89fc-4a81-661f8647e869@eff.org> <CAKXHy=ctB=LZkX9j=8-Jy0NkTAs2tAesa4gmFhfp94O5=9U4TA@mail.gmail.com> <1dbb47a4-c6e2-97d2-a1d7-ce6c65a4042a@eff.org> <CACfw2hiX7U74n9+defcYiD7jLKZeLhtLM6WP5YM_WuAoA8ecYQ@mail.gmail.com> <CAL02cgRg6k7=b7berKr9J+9aL8PTS81nJ_yXQO8QTYqgiqXSbg@mail.gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/K0PWEZ6K3tUKhAvZFjkajiHUoFc>
Subject: Re: [DNSOP] Status of "let localhost be localhost"?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Aug 2017 12:48:30 -0000

On Aug 2, 2017, at 8:40 AM, Richard Barnes <rlb@ipv.sx> wrote:
> The underlying need here is that application software would like to make use of the fact that it is connecting to "localhost" (vs. other domain names) to make security decisions based on whether traffic is going to leave the host.  So if the network layer remaps localhost to something other than a loopback interface without telling the applications, then you're going to have security problems.
> 
> The point of this document is to avoid this disconnect by discouraging the sorts of remappings you're talking about.

Of course, arguably this is the wrong approach.   Perhaps the right approach is to understand that the security characteristics of "localhost" are not the ones that we want when our goal is to be sure we are connecting to the local host.   Apps don't control the name resolution software that's running on the local host.   If they want to be sure they are connecting locally, perhaps they should be using ::1 instead of localhost as their explicit destination identifier.
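
The two positions in this exchange, as an added example that is not part of the thread or of the draft under discussion: an application that wants loopback can either resolve "localhost" and verify every answer before connecting, or skip the resolver entirely by naming ::1 (or 127.0.0.1) as the destination. The helper names (`loopback_targets`, `connect_local`) and the fake `remapped_resolver` are assumptions made for this illustration; the fake stands in for a host whose "localhost" has been remapped, so the failure mode Richard describes can be exercised offline.

```python
"""Added example: reaching the loopback interface without trusting the
host's name resolver. Not code from the DNSOP thread or the draft.

* loopback_targets() accepts an IP literal such as "::1" without calling
  the resolver at all (the approach Ted suggests), or resolves a name and
  refuses the whole answer set if any address would leave the host.
* remapped_resolver() is a constructed stand-in for a host where
  "localhost" no longer maps to loopback (hosts-file entry, captive DNS).
"""
import ipaddress
import socket
from typing import Callable, List, Tuple

# A resolver returns (address family, address) pairs. The default wraps
# getaddrinfo, so it honours /etc/hosts, nsswitch and the system DNS,
# i.e. everything the application does not control.
Resolver = Callable[[str], List[Tuple[int, str]]]


def system_resolver(host: str) -> List[Tuple[int, str]]:
    return [(family, sockaddr[0])
            for family, _t, _p, _c, sockaddr in socket.getaddrinfo(host, None)]


def is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8, ::1 and IPv4-mapped ::ffff:127.x.x.x."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped.is_loopback
    return ip.is_loopback


def loopback_targets(dest: str, resolver: Resolver = system_resolver) -> List[str]:
    """Addresses an app may connect to for `dest`, or ValueError.

    An IP literal bypasses the resolver entirely. A name is resolved and
    every answer must be loopback: a connect() loop over a mixed list
    would otherwise fall through to the non-loopback answer.
    """
    try:
        ipaddress.ip_address(dest)
        literal = True
    except ValueError:
        literal = False
    if literal:
        if not is_loopback(dest):
            raise ValueError(f"{dest} is not a loopback address")
        return [dest]
    answers = [addr for _fam, addr in resolver(dest)]
    bad = [a for a in answers if not is_loopback(a)]
    if bad or not answers:
        raise ValueError(
            f"{dest!r} resolved to non-loopback address(es): {bad or 'nothing'}")
    return list(dict.fromkeys(answers))  # de-duplicate, keep order


def connect_local(dest: str, port: int,
                  resolver: Resolver = system_resolver) -> socket.socket:
    """Open a TCP connection to dest:port only if it stays on this host."""
    last_err: OSError = OSError("no loopback targets")
    for addr in loopback_targets(dest, resolver):
        family = socket.AF_INET6 if ":" in addr else socket.AF_INET
        s = socket.socket(family, socket.SOCK_STREAM)
        try:
            s.connect((addr, port))
            return s
        except OSError as e:
            last_err = e
            s.close()
    raise last_err


# Constructed fake (assumption): a host whose "localhost" has been remapped.
def remapped_resolver(host: str) -> List[Tuple[int, str]]:
    table = {"localhost": [(socket.AF_INET, "10.0.0.5")]}
    return table.get(host, [])


if __name__ == "__main__":
    print(loopback_targets("::1"))                       # literal, no resolver
    try:
        loopback_targets("localhost", remapped_resolver)  # remapped name
    except ValueError as err:
        print("refused:", err)
```

Note the asymmetry the message is pointing at: `loopback_targets("::1")` never calls a resolver, so no hosts file or DNS configuration can redirect it, whereas the name path is only as safe as the check performed on the answers. An application that wants the "does not leave the host" property without that check has to use the literal.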