Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

Mark Andrews <marka@isc.org> Wed, 13 September 2017 03:06 UTC

To: Ted Lemon <mellon@fugue.com>
Cc: dnsop WG <dnsop@ietf.org>
From: Mark Andrews <marka@isc.org>
References: <20170913021529.2540.qmail@ary.lan> <26E56255-6169-4626-95E8-A9D6A2D5EB39@fugue.com>
In-reply-to: Your message of "Tue, 12 Sep 2017 22:45:26 -0400." <26E56255-6169-4626-95E8-A9D6A2D5EB39@fugue.com>
Date: Wed, 13 Sep 2017 13:06:45 +1000
Message-Id: <20170913030645.946E8855120E@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ZahbnzjwFND3gDVO_pD6Tpz3DIo>
Subject: Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

In message <26E56255-6169-4626-95E8-A9D6A2D5EB39@fugue.com>, Ted Lemon writes:
> On Sep 12, 2017, at 10:15 PM, John Levine <johnl@taugh.com> wrote:
> > Believe it or not, there are real non-loopback localhost domain names,
> > like localhost.reddit.com <http://localhost.reddit.com/>.
> >
> > I agree that localhost.<foo> pointing to loopback is generally asking
> > for trouble, but I am not at this point sufficiently confident that it
> > is never ever a good idea to say MUST NOT rather than SHOULD NOT.  I
> > can for example imagine ways that might make some kinds of debugging
> > easier.
>
> When we look at edge cases like this, it's tempting to be swept away by
> the futility of trying to close every gap.   But it's still worth closing
> the ones we can close.   Trying to outlaw localhost.* is hopeless.  But
> outlawing *.localhost is certainly valid and viable, and as DNSSEC
> adoption increases, more and more it will be the case that we actually
> need do nothing to break it.   "localhost" + search list still fails
> unsafe.

Why would we want to outlaw *.localhost?  Just because it is
inconvenient for the IAB and ICANN that they didn't address this issue
correctly years ago.

Oh, sorry, you can't use SRV with localhost to assign a port to this
protocol THAT HAS NO DEFAULT PORT and only a NAME.  Is this what you
REALLY want to do?

> This is just another reason to outlaw search lists.   I can't think what
> use case search lists address that's worth the security vulnerability
> they create.   The fact that hosts routinely use search lists provided by
> DHCP is something that just astonishes me, but even user-configured
> search lists serve no useful purpose to anyone but the statistically
> negligible set of geeks who actually type in domain names and yet haven't
> become paranoid enough to realize that search lists are bad yet.   There
> is no downside to deprecating them.
>
> (Should someone reading this be one of those network operators who still
> puts search lists to some use inside of their firewall, please do not
> tell us about it.   I do not want to be the cause of your users being
> hacked.)

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
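The two behaviours argued over in this thread can be shown side by side in a small stub resolver. The following is an added example written for this archive page; it is not code from the draft, from ISC, or from any of the participants. It assumes a classic search-list expansion with ndots=1, a constructed zone in which localhost.example.com is a real non-loopback name (the kind of record John Levine mentions), and a "localhost_special" switch that models the draft's rule of answering "localhost" and any name under ".localhost" locally without sending a query. It also shows the consequence Mark raises: under that rule an SRV-style owner name such as _foo._tcp.localhost never reaches the DNS either.

```python
import ipaddress

LOOPBACK_ADDRS = ["127.0.0.1", "::1"]


def is_localhost_name(name):
    """True for 'localhost' and any name whose last label is 'localhost'."""
    labels = name.rstrip(".").lower().split(".")
    return labels[-1] == "localhost"


def candidate_names(name, search_list, ndots=1):
    """Classic search-list expansion (assumed ndots=1): a name with fewer
    than ndots dots is tried with each search suffix first, bare name last."""
    name = name.rstrip(".")
    expanded = [f"{name}.{suffix}" for suffix in search_list]
    if name.count(".") >= ndots:
        return [name] + expanded
    return expanded + [name]


def resolve(name, search_list, dns_lookup, localhost_special=True):
    """Return (addresses, queries_sent).

    dns_lookup is a callable mapping a fully qualified name to a list of
    addresses or None. With localhost_special=True, localhost names are
    answered with loopback and no query is ever sent; with it False the
    name goes through search-list expansion like any other short name.
    """
    if localhost_special and is_localhost_name(name):
        return (list(LOOPBACK_ADDRS), [])
    queries = []
    for candidate in candidate_names(name, search_list):
        queries.append(candidate)
        answer = dns_lookup(candidate)
        if answer:
            return (list(answer), queries)
    return ([], queries)


def non_loopback_localhost(name, addresses):
    """Defensive check: a localhost name that resolved to anything other
    than a loopback address is the failure mode the thread calls 'fails
    unsafe'. Returns the offending addresses."""
    if not is_localhost_name(name):
        return []
    return [a for a in addresses if not ipaddress.ip_address(a).is_loopback]


# Constructed zone data for the demonstration (not real records).
FAKE_ZONE = {
    "localhost.example.com": ["203.0.113.5"],   # constructed non-loopback localhost.<foo>
    "www.example.com": ["198.51.100.7"],
}


def fake_lookup(name):
    return FAKE_ZONE.get(name.rstrip(".").lower())


def demo(search_list=("example.com",)):
    """Run the four cases discussed in the thread and return them."""
    search = list(search_list)
    # 1. No special-casing: 'localhost' + search list sends a query and
    #    gets a non-loopback answer.
    unsafe = resolve("localhost", search, fake_lookup, localhost_special=False)
    # 2. Special-casing: answered locally, zero queries sent.
    safe = resolve("localhost", search, fake_lookup, localhost_special=True)
    # 3. A subdomain of localhost gets the same local treatment.
    sub = resolve("api.localhost", search, fake_lookup, localhost_special=True)
    # 4. The trade-off Mark points at: an SRV-style owner name under
    #    .localhost is also answered locally and never reaches the DNS.
    srv = resolve("_foo._tcp.localhost", search, fake_lookup, localhost_special=True)
    return unsafe, safe, sub, srv


if __name__ == "__main__":
    for label, (addrs, queries) in zip(("unsafe", "safe", "sub", "srv"), demo()):
        print(f"{label:6} addrs={addrs} queries={queries}")
    print("flagged:", non_loopback_localhost("localhost", demo()[0][0]))
```

Running the script prints the four cases; the "unsafe" line is the one where a single query for localhost.example.com replaces loopback with an address chosen by whoever controls that zone, and non_loopback_localhost() is the check a client or a log reviewer can apply to spot exactly that.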