Re: [DNSOP] Status of "let localhost be localhost"?
Ted Lemon <mellon@fugue.com> Wed, 02 August 2017 20:27 UTC
Return-Path: <mellon@fugue.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04633131C84 for <dnsop@ietfa.amsl.com>; Wed, 2 Aug 2017 13:27:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zImiS8CSd8RZ for <dnsop@ietfa.amsl.com>; Wed, 2 Aug 2017 13:27:49 -0700 (PDT)
Received: from mail-qk0-x234.google.com (mail-qk0-x234.google.com [IPv6:2607:f8b0:400d:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8958131C3B for <dnsop@ietf.org>; Wed, 2 Aug 2017 13:27:48 -0700 (PDT)
Received: by mail-qk0-x234.google.com with SMTP id d136so33666790qkg.3 for <dnsop@ietf.org>; Wed, 02 Aug 2017 13:27:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=QQ7anu2Q45Li/SCATdoGqHxFujHA4TtoBWkvxNu5c9k=; b=ys9YzzFLlG0E4EQGhPaV6z+O5M9ZodpOQGP8LNNBQOEIGxkahsOKiojEKiZCgIbsYG pHd4evp7qJoVBLX3JOoVUt5geUlpMRQKTwIw2xtJlMffJwXZmGtWS4/rP8L6DxdDyoKW xbu5jomsLusvWm36DunLWXYKXfAw2esQEwNnBNYnf+Yd0Zljw4DlcsDIS9G5EfUZmXP2 bNj7KOfChsSh0gavD8bow6VkQhSoeRM2QtpxvQGzWZ8IUsRdYzK3Yij/nmS0gu84sbIP wsHzfFJKRwhHozBMdB+QujspIOsPuHQ1Qc+4yVn6+E9sHmGBF3AxnCNnSQUPsP7o7Pq2 kTDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=QQ7anu2Q45Li/SCATdoGqHxFujHA4TtoBWkvxNu5c9k=; b=KuYw9tgpsr8D1d0thW+bABrJfW0uhcPEJzOa8WpnROsgwLdp82hzCdfkzRW7QffFor QIgumgknj0ajA9OkDuM5snjnJ4INj+2KbTWf0HbC/Tvd4JMIYx21ciE0NU6x6DmtCvho 9tH5lnu/8JOkLbT50op8a7YSXr+a2cpNaf+m/Ieu4VzZlkCo/k/iR596vVVyOQbZP9lf UAqHOPQ7BlJKZusfiCi5FdvaO4XtQ46RD4DB6zNTn0kVTXzp9bVhXId3K+FySbG/WYqP OqZQ38sRXX0g9861kRY5Whg7DQPknQ1IfqKR9OCc3dGy4UBvh8zfcy5QOKuHPIjAmGlH 2EeQ==
X-Gm-Message-State: AIVw110Ty9f+YOeM9hb5L2hJC/1eNtDUBEGxFo0laZb7zQ9nDVkNAcP2 qv4BEtRWFGPFREAw
X-Received: by 10.55.133.195 with SMTP id h186mr31178099qkd.21.1501705668054; Wed, 02 Aug 2017 13:27:48 -0700 (PDT)
Received: from [10.0.30.153] (c-73-167-64-188.hsd1.ma.comcast.net. [73.167.64.188]) by smtp.gmail.com with ESMTPSA id v64sm23909135qkd.96.2017.08.02.13.27.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 02 Aug 2017 13:27:47 -0700 (PDT)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <F19EC009-0301-4C23-BC27-FFF021C77C02@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_F2F41092-B93E-4544-A6E4-3DE1B038F04A"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Wed, 02 Aug 2017 16:27:45 -0400
In-Reply-To: <20170802180221.n7ezh5yzr5cuxklz@mycre.ws>
Cc: Mike West <mkwst@google.com>, Richard Barnes <rlb@ipv.sx>, dnsop <dnsop@ietf.org>, Jacob Hoffman-Andrews <jsha@eff.org>, william manning <chinese.apricot@gmail.com>
To: Robert Edmonds <edmonds@mycre.ws>
References: <05e469cf-1325-89fc-4a81-661f8647e869@eff.org> <CAKXHy=ctB=LZkX9j=8-Jy0NkTAs2tAesa4gmFhfp94O5=9U4TA@mail.gmail.com> <1dbb47a4-c6e2-97d2-a1d7-ce6c65a4042a@eff.org> <CACfw2hiX7U74n9+defcYiD7jLKZeLhtLM6WP5YM_WuAoA8ecYQ@mail.gmail.com> <CAL02cgRg6k7=b7berKr9J+9aL8PTS81nJ_yXQO8QTYqgiqXSbg@mail.gmail.com> <6B25B24C-4C80-4A04-BF27-2306F4A77EF6@fugue.com> <CAL02cgQ2z9Fze-Q2QWQ=+PHJEO_S3bTaq1fPJ6XSEwFUQ=ftvw@mail.gmail.com> <CAKXHy=eV0OBW+S308rdiHZ523foOgxYNB3i07RkeFJiTjMYQEQ@mail.gmail.com> <D9568E51-3C48-4BA3-9797-3F7756E857C9@fugue.com> <20170802180221.n7ezh5yzr5cuxklz@mycre.ws>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/dYC5Ayc8_M1NfkBdTn5RGGOab5g>
Subject: Re: [DNSOP] Status of "let localhost be localhost"?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Aug 2017 20:27:51 -0000
On Aug 2, 2017, at 2:02 PM, Robert Edmonds <edmonds@mycre.ws> wrote: > draft-west-let-localhost-be-localhost-03 upgrades the requirements in > RFC 6761 §6.3 to make them much stricter, for all applications, > converting SHOULDs to MUSTs, etc. So we're not arguing about whether > localhost "should" be treated specially, but whether it MUST be treated > specially, by all applications. Can the W3C not impose stricter > requirements on browser developers even if 6761 doesn't impose mandatory > treatment for "localhost"? It should be MUST in both cases. But writing that in an RFC doesn't make it so. Bear in mind when you look at the W3C document that it is talking about what would be ideal, not what is actually present in browsers. As an app developer worried about security footprint, I would be wiser to be cautious and use ::1 or 127.0.0.1, rather than using localhost and relying on the name resolution infrastructure. But the use case that I would be most skeptical about is using localhost in a URL. I think that should be MUST NOT. Apparently there is not wholehearted agreement on this topic, however... :)
- [DNSOP] Status of "let localhost be localhost"? Jacob Hoffman-Andrews
- Re: [DNSOP] Status of "let localhost be localhost… Mike West
- Re: [DNSOP] Status of "let localhost be localhost… Jacob Hoffman-Andrews
- Re: [DNSOP] Status of "let localhost be localhost… Mark Andrews
- Re: [DNSOP] Status of "let localhost be localhost… Mike West
- Re: [DNSOP] Status of "let localhost be localhost… william manning
- Re: [DNSOP] Status of "let localhost be localhost… Richard Barnes
- Re: [DNSOP] Status of "let localhost be localhost… Ted Lemon
- Re: [DNSOP] Status of "let localhost be localhost… Richard Barnes
- Re: [DNSOP] Status of "let localhost be localhost… Mike West
- Re: [DNSOP] Status of "let localhost be localhost… Ted Lemon
- Re: [DNSOP] Status of "let localhost be localhost… Ted Lemon
- Re: [DNSOP] Status of "let localhost be localhost… Richard Barnes
- Re: [DNSOP] Status of "let localhost be localhost… Joe Abley
- Re: [DNSOP] Status of "let localhost be localhost… Richard Barnes
- Re: [DNSOP] Status of "let localhost be localhost… Mike West
- Re: [DNSOP] Status of "let localhost be localhost… Joe Abley
- Re: [DNSOP] Status of "let localhost be localhost… Richard Barnes
- Re: [DNSOP] Status of "let localhost be localhost… Tony Finch
- Re: [DNSOP] Status of "let localhost be localhost… Paul Vixie
- Re: [DNSOP] Status of "let localhost be localhost… Jacob Hoffman-Andrews
- Re: [DNSOP] Status of "let localhost be localhost… Robert Edmonds
- Re: [DNSOP] Status of "let localhost be localhost… Matthew Pounsett
- Re: [DNSOP] Status of "let localhost be localhost… Ted Lemon
- Re: [DNSOP] Status of "let localhost be localhost… Jacob Hoffman-Andrews
- Re: [DNSOP] Status of "let localhost be localhost… George Michaelson
- Re: [DNSOP] Status of "let localhost be localhost… Richard Barnes
- Re: [DNSOP] Status of "let localhost be localhost… Mark Andrews
- Re: [DNSOP] Status of "let localhost be localhost… Mike West
- Re: [DNSOP] Status of "let localhost be localhost… John Levine
- [DNSOP] Fwd: Status of "let localhost be localhos… william manning
- Re: [DNSOP] Status of "let localhost be localhost… Mike West
- Re: [DNSOP] Status of "let localhost be localhost… Erik Nygren
- Re: [DNSOP] Status of "let localhost be localhost… Stuart Cheshire
- Re: [DNSOP] Status of "let localhost be localhost… Ted Lemon
- Re: [DNSOP] Status of "let localhost be localhost… Robert Edmonds
- Re: [DNSOP] Status of "let localhost be localhost… Ray Bellis
- Re: [DNSOP] Status of "let localhost be localhost… Peter van Dijk
- Re: [DNSOP] Status of "let localhost be localhost… John Levine
- Re: [DNSOP] Status of "let localhost be localhost… Ted Lemon
- Re: [DNSOP] Status of "let localhost be localhost… Paul Hoffman
- Re: [DNSOP] Status of "let localhost be localhost… Richard Barnes
- Re: [DNSOP] Status of "let localhost be localhost… Paul Hoffman
- Re: [DNSOP] Status of "let localhost be localhost… Ted Lemon
- Re: [DNSOP] Status of "let localhost be localhost… Paul Vixie
- Re: [DNSOP] Status of "let localhost be localhost… Jacob Hoffman-Andrews
- Re: [DNSOP] Status of "let localhost be localhost… Tony Finch
- Re: [DNSOP] Status of "let localhost be localhost… Ted Lemon
- Re: [DNSOP] Status of "let localhost be localhost… Paul Hoffman
- Re: [DNSOP] Status of "let localhost be localhost… Tony Finch
- Re: [DNSOP] Status of "let localhost be localhost… Mike West
- Re: [DNSOP] Status of "let localhost be localhost… Ted Lemon
- Re: [DNSOP] Status of "let localhost be localhost… Mike West
- Re: [DNSOP] Status of "let localhost be localhost… Ted Lemon
- Re: [DNSOP] Status of "let localhost be localhost… Warren Kumari
- Re: [DNSOP] Status of "let localhost be localhost… John Levine
- Re: [DNSOP] Status of "let localhost be localhost… Mark Andrews
- Re: [DNSOP] Status of "let localhost be localhost… John R Levine