Re: [DNSOP] Status of "let localhost be localhost"?

Ray Bellis <ray@bellis.me.uk> Wed, 09 August 2017 16:48 UTC

To: dnsop@ietf.org
References: <05e469cf-1325-89fc-4a81-661f8647e869@eff.org> <CAKXHy=ctB=LZkX9j=8-Jy0NkTAs2tAesa4gmFhfp94O5=9U4TA@mail.gmail.com> <1dbb47a4-c6e2-97d2-a1d7-ce6c65a4042a@eff.org> <CACfw2hiX7U74n9+defcYiD7jLKZeLhtLM6WP5YM_WuAoA8ecYQ@mail.gmail.com> <CAL02cgRg6k7=b7berKr9J+9aL8PTS81nJ_yXQO8QTYqgiqXSbg@mail.gmail.com> <6B25B24C-4C80-4A04-BF27-2306F4A77EF6@fugue.com> <CAL02cgQ2z9Fze-Q2QWQ=+PHJEO_S3bTaq1fPJ6XSEwFUQ=ftvw@mail.gmail.com> <CAKXHy=eV0OBW+S308rdiHZ523foOgxYNB3i07RkeFJiTjMYQEQ@mail.gmail.com> <D9568E51-3C48-4BA3-9797-3F7756E857C9@fugue.com> <20170802180221.n7ezh5yzr5cuxklz@mycre.ws> <820AEB88-C38C-4547-8F42-3C7C7E3D7ACC@apple.com> <CAPt1N1=hse1dYB7OhJvdXdtO+R2cZC6XRo-2-rupVy6dOqivfA@mail.gmail.com>
From: Ray Bellis <ray@bellis.me.uk>
Message-ID: <90eb5003-3629-e962-417c-8af37188ae51@bellis.me.uk>
Date: Wed, 9 Aug 2017 17:48:39 +0100
In-Reply-To: <CAPt1N1=hse1dYB7OhJvdXdtO+R2cZC6XRo-2-rupVy6dOqivfA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/OC04mP1pDtEdybG5jNl1JfAE3jA>
Subject: Re: [DNSOP] Status of "let localhost be localhost"?


On 09/08/2017 17:44, Ted Lemon wrote:

> Of course, the real answer to this is that neither solution is
> desirable.   I've heard several people here say that if localhost were
> "fixed" in an RFC, then the W3C could mark http connections to localhost
> as secure, rather than insecure.   This is of course nonsense.   The
> fact is that you should always validate the endpoint you are connecting
> to using some secure protocol.   With a unix domain socket, you can pass
> credentials over the socket.   With a TCP or UDP connection, you can't
> do that, so you need to use cryptography.

Speaking of which, MySQL uses the word "localhost" as a switch to use a
UNIX domain socket instead of IP for its connection.

Just sayin' ;)

Ray
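The credential-passing point in the quoted paragraph, which is also the kind of check a service reachable only over a local socket (the MySQL "localhost" path Ray mentions) can make on its caller, as an added Linux example that is not code from this thread: the server reads the kernel-supplied SO_PEERCRED of a UNIX domain socket client and admits it only if the peer uid is on an allow-list. `serve_one`, `demo`, the socket path and the allow-list are constructed for illustration.

```python
import os
import socket
import struct
import tempfile
import threading

# Linux struct ucred { pid_t pid; uid_t uid; gid_t gid; }: three native ints.
_UCRED_FMT = "3i"

def peer_credentials(conn):
    """(pid, uid, gid) of the peer of an AF_UNIX connection, filled in by
    the kernel via SO_PEERCRED; the client cannot forge these values."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(_UCRED_FMT))
    return struct.unpack(_UCRED_FMT, raw)

def serve_one(path, allowed_uids, ready):
    """Accept one client on `path`; admit it only if its uid is allowed.
    Returns (admitted, (pid, uid, gid)) so the decision can be inspected."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(path)
        os.chmod(path, 0o600)  # filesystem-level gate on who may even connect
        srv.listen(1)
        ready.set()
        conn, _ = srv.accept()
        with conn:
            pid, uid, gid = peer_credentials(conn)
            admitted = uid in allowed_uids
            conn.sendall(b"OK\n" if admitted else b"DENIED\n")
            return admitted, (pid, uid, gid)

def demo(allow_self):
    """Run server and client in one process (a constructed scenario).
    allow_self=True puts our own uid on the allow-list; False leaves it empty."""
    allowed = {os.getuid()} if allow_self else set()
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "demo.sock")
        ready, result = threading.Event(), {}
        t = threading.Thread(
            target=lambda: result.update(r=serve_one(path, allowed, ready)))
        t.start()
        ready.wait()
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
            cli.connect(path)
            reply = cli.recv(16)
        t.join()
        admitted, creds = result["r"]
        return admitted, creds, reply
```

A TCP connection to 127.0.0.1 offers no equivalent of SO_PEERCRED, which is why the quoted text says that path needs cryptography instead.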