Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

Lanlan Pan <abbypan@gmail.com> Tue, 06 February 2018 04:58 UTC

From: Lanlan Pan <abbypan@gmail.com>
Date: Tue, 06 Feb 2018 04:58:34 +0000
Message-ID: <CANLjSvVd+vj8M+vBOokfpOL1fmq2iU9JAhSCd6eY_aoE1p5SMQ@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: Mark Andrews <marka@isc.org>, dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/s9zPfwPD6G3LpsCBUiZCtgbTU-s>

On Tue, Feb 6, 2018 at 12:52 AM, Ted Lemon <mellon@fugue.com> wrote:

> On Feb 5, 2018, at 1:51 AM, Mark Andrews <marka@isc.org> wrote:
>
> No it is not! The browser knows where the name came from.
>
>
> Walk me through it.   How does the browser know where the name came from?
>

We can return NXDOMAIN for localhost, with little influence.

If we decide to ban localhost.example, there is an assumption we have
accepted: the "localhost" subdomain to 127.0.0.1 is a fault, because of the HTTP
cookie flaw.
The divergence is: where is the best position to ban it / mitigate it?
1) DNS: this draft.
2) Browser: the browser can ban the request to localhost.example, or even the
request to a subdomain xxx.example whose IP address is 127.0.0.1.
3) HTTP protocol: CA Single Sign-On (CA SSO), Token Binding for TLS, etc.

There are some security policy effect concerns:
1) How many security accidents have been caused by this "localhost.example"? Is
it a serious security problem with low attack cost?
As far as I can see, this attack's preconditions for success are:
- servers don't separate different websites.
- the attacker must gain the server privilege and open an unusual port to provide a
local HTTP service. ---- this is a high-risk alarm trait.
- the attacker must defraud users into visiting the flawed URL.

2) Is this the most important HTTP cookie exposure disaster area?
As far as I can see, many recursive resolvers hijack NXDOMAIN and return
an A record for advertising, similar to this cookie exposure and more
widespread.

3) If we ban localhost.example, will the operators use another abbreviation
to replace localhost, such as "127.0.0.1 localmachine"?
Operators are usually lazy, can hardly stop using search lists, and can hardly
avoid abbreviations.
-- 
致礼  Best Regards

潘蓝兰  Pan Lanlan
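
Mitigation position 2 from the message above (refusing a name outside localhost whose address is 127.0.0.1), sketched as a client-side check on resolved answers. This is an added example, not code from the draft, the thread, or any browser; the function names and the sample answers are constructed, and treating all of 127.0.0.0/8, ::1 and IPv4-mapped loopback as "loopback" is an assumption.

```python
import ipaddress


def is_localhost_name(name: str) -> bool:
    """True for 'localhost' itself and any name whose last label is 'localhost'."""
    labels = name.rstrip(".").lower().split(".")
    return labels[-1] == "localhost"


def is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8, ::1, and IPv4-mapped forms such as ::ffff:127.0.0.1."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 so the check does not depend on library version.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_loopback


def check_answer(name: str, addresses: list[str]) -> str:
    """Classify one resolved name.

    'local' : a localhost name, expected to be loopback
    'block' : a non-localhost name (e.g. localhost.example) that resolved to loopback
    'allow' : anything else
    """
    if is_localhost_name(name):
        return "local"
    if any(is_loopback(a) for a in addresses):
        return "block"
    return "allow"


# Constructed sample answers (not taken from real traffic).
SAMPLE_ANSWERS = {
    "localhost.": ["127.0.0.1"],
    "localhost.example.": ["127.0.0.1"],        # the case discussed in the thread
    "xxx.example.": ["::ffff:127.0.0.1"],       # same issue via an IPv4-mapped address
    "localmachine.example.": ["127.0.0.1"],     # renamed abbreviation, still caught
    "www.example.": ["192.0.2.10"],
}


def flagged(answers: dict[str, list[str]]) -> list[str]:
    """Return the names a client applying this policy would refuse."""
    return sorted(n for n, addrs in answers.items() if check_answer(n, addrs) == "block")


if __name__ == "__main__":
    for blocked_name in flagged(SAMPLE_ANSWERS):
        print("refuse:", blocked_name)
```

Because the check keys on the resolved address rather than the label, it also covers the renamed-abbreviation case raised in point 3 of the message.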