Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

Ted Lemon <mellon@fugue.com> Fri, 26 January 2018 19:40 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DFBF127369 for <dnsop@ietfa.amsl.com>; Fri, 26 Jan 2018 11:40:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lh4f6bsT9NaZ for <dnsop@ietfa.amsl.com>; Fri, 26 Jan 2018 11:40:56 -0800 (PST)
Received: from mail-io0-x234.google.com (mail-io0-x234.google.com [IPv6:2607:f8b0:4001:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A454127137 for <dnsop@ietf.org>; Fri, 26 Jan 2018 11:40:56 -0800 (PST)
Received: by mail-io0-x234.google.com with SMTP id 72so1549876iom.10 for <dnsop@ietf.org>; Fri, 26 Jan 2018 11:40:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=dRet450nCSnrgmbZ+OSwZfubyp4qpE+TU3c5TuX8UuQ=; b=j1Uhzd2t9mrpmxS1uJrHv3tvakPuk9Dc8ooAME6s6PQ4x4KmZOjoIcna3b/2Z7JX4b hkivHG+xzzVh7FsTViSJQzYGxYdzMVuMHCN3P4QfxspjqaDZZ9QhmdgM44QAauxF5MVB dAhEuJkQ6a3SO15ZDZGExx6e2bo8/NUqVkHrerjCYZSPqCNhJBM2PLH5Za9/2EYer2GY l+3ZDFLIXGFZUkEmhyRHZ4cyYA2/adkRs+cqAXuy49cQOjQqKNDG5H62OcWVsiIg70O2 a14SASbZhF7FaKlCjN5txOtWB5ecrMCBMnp0aAX6BRODQyhuy3JyU2OQJxfR1cco10g2 BF2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=dRet450nCSnrgmbZ+OSwZfubyp4qpE+TU3c5TuX8UuQ=; b=MJoh48DfPtPti2yZKiWi+Qvdinm7vGhG07FkIr44rS28AtmqvnYKIg5Mhs1ON8kh7H I5NvLl42zqMejHebPCi+yd4eu7Ck4PT6R0kfNPG9zdEG3l28lDUx/EijEO/zeT57zCCv LTqv28IE21FwVWbl4ShkD6rh8FCwtLh0ioigsALcb9ByLi7ap6Av8c0S28q+N+IBx/j2 xF/RbDY7yD1HSPfrjCirmf9i4silgoVUY53P7NjjsPiOxepv3uurs/wPZtiL30AC+eGJ jFWzZtrBvAlb3SPOQb7V4fqqwOW9kBNjPhjVMOLdg6wV/67TYZlBYR0A4YtfyaKvHI0I 5VaQ==
X-Gm-Message-State: AKwxytcUaTrC73jy4H+kw1+VvXKQKoN9TTb+SgXQt5xfYcdx81zmU5aR 66Gkc3hLnHzX/BEUscWN6oQ/6Q==
X-Google-Smtp-Source: AH8x226cVvthIBjwiqPlsaBCc/3jMNhMshpkVJeezxka/gN5thl/qZ1AXD1YZeZCyybl4ItAxjnYaQ==
X-Received: by 10.107.137.26 with SMTP id l26mr17949381iod.108.1516995655379; Fri, 26 Jan 2018 11:40:55 -0800 (PST)
Received: from [172.19.131.146] ([12.130.117.63]) by smtp.gmail.com with ESMTPSA id f16sm851646iob.75.2018.01.26.11.40.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 26 Jan 2018 11:40:54 -0800 (PST)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <37A9F504-A8BE-4F47-AAE9-AF2458206F03@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_CA34A258-C043-4359-B5BB-CC34995697DF"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Date: Fri, 26 Jan 2018 14:40:43 -0500
In-Reply-To: <CAJE_bqdCZ_vj2nncvEVpYunVmE=xxAiXqrzhu8BGxnSsLjy+3Q@mail.gmail.com>
Cc: Tony Finch <dot@dotat.at>, dnsop <dnsop@ietf.org>
To: 神明達哉 <jinmei@wide.ad.jp>
References: <CANV=THh6bOxd_UW=TuLonWzz0KyGapkGWpMiNuu54W=45gFAvg@mail.gmail.com> <20180124205620.GZ3322@mournblade.imrryr.org> <alpine.DEB.2.11.1801251558440.5022@grey.csi.cam.ac.uk> <CAJE_bqf+GqYGFRAsXbBPymQLXoJRs_AxvVHhtcMJF1LEvTL7sQ@mail.gmail.com> <77B805CC-E8FE-4B09-A261-C5CB13707EE4@dotat.at> <CAJE_bqdCZ_vj2nncvEVpYunVmE=xxAiXqrzhu8BGxnSsLjy+3Q@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/hvnh_AxHMW-isn3GW3VlEP5JbAQ>
Subject: Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jan 2018 19:40:57 -0000

On Jan 26, 2018, at 2:27 PM, 神明達哉 <jinmei@wide.ad.jp> wrote:
> It's not clear to me, and either way I believe the draft should be
> clearer on these points (see also my latest response to Petr.  If the
> intent of the draft is to prohibit any user customization, it should
> explicitly say so (with, IMO, some more explanation); if the intent is
> to allow such customization, I believe we should actually loosen it to
> SHOULDs).

There was no clear intent at the beginning when this was an individual submission, but the discussion on the individual submission and on the call for adoption seemed to show a fairly strong consensus that looking up localhost using DNS is a significant security vulnerability, so MUST is the right language.   Of course, I was part of that consensus, so I may be biased!