Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

Ted Lemon <> Thu, 01 February 2018 21:26 UTC

From: Ted Lemon <>
Date: Thu, 01 Feb 2018 15:26:40 -0600
To: Andrew Sullivan <>

On Feb 1, 2018, at 2:48 PM, Andrew Sullivan <> wrote:
>> As a general principle, when what the RFC says to do is not the right thing to do, the solution is to update the RFC, not to ignore the problem.
> I strongly agree with this (as I think or anyway hope you know)

Yes, I will admit I was a bit surprised that you put it that way, although as you say, your position is more clear in your formal review of the document.

As for why I responded to this and not to the formal review, the answer is that the formal review was a bit overwhelming. You made a lot of assertions of fact that didn't sound like fact to me—they sounded like strongly-held opinion. You are a much more experienced DNS expert than I am, so for me to argue you away from those opinions is a tall order—I don't think you've really expressed the underlying belief that is the keystone to the whole edifice.

The problem I have is that to me it's dead obvious that the name hierarchy and the set of names in the DNS are not the same thing. We've had that discussion before. We even published a document about it, which hasn't quite made its way out of the RFC editor queue yet. It seems to me that it is demonstrably the case that these two sets are disjoint.

But you explain your reasoning on the basis that clearly they are the same set, and that they are the same set is left unexamined. So if we were to succeed in understanding why we disagree on this point, it would be necessary to dig down into that.

Having seen you give keynotes at the plenary, I know that you are deeply concerned about computer security. The reason that I am in favor of the behavior I'm propounding is that I think it closes a small security gap through which a truck might some day be driven, to our woe. So to me, the need to leave that gap open, which I admit is small, seems inconsistent with what I know of you.

So clearly you value this idea that localhost is a name that exists in the DNS, even though it doesn't exist in the DNS. It might be fruitful to explore that further. It might also be a waste of time. I don't honestly know. But that is, I think, the key to our disagreement.