Re: [DNSOP] Status of "let localhost be localhost"?

Mike West <mkwst@google.com> Tue, 01 August 2017 10:49 UTC

Return-Path: <mkwst@google.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 420B8132CFB for <dnsop@ietfa.amsl.com>; Tue, 1 Aug 2017 03:49:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N-ak5Df14PjB for <dnsop@ietfa.amsl.com>; Tue, 1 Aug 2017 03:49:13 -0700 (PDT)
Received: from mail-oi0-x229.google.com (mail-oi0-x229.google.com [IPv6:2607:f8b0:4003:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48F55132CF6 for <dnsop@ietf.org>; Tue, 1 Aug 2017 03:49:13 -0700 (PDT)
Received: by mail-oi0-x229.google.com with SMTP id x3so11526468oia.1 for <dnsop@ietf.org>; Tue, 01 Aug 2017 03:49:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=yOXh8MnnriB32nyq3WLpHBT/d5zMrCSe8+CcXwZa9Oo=; b=cLxy5FdaTLbdsKRN4r1DsyNSpKsEbCAA3zXB117jG7bTK+eE9wj+x8Exx6DaZmFWiE dk83KIVNObmgjEPTvm4vNJhkE3w8DkHvPEBczRP7kPv+KX8b1WsP+c2rwpxaCf/lkPyI FkFSsnotf+AtJZNvSp3ze1fOndoCFS09n124sVsgi04Lms5+UrWx9FZAfXoZ1AK2FuZp SEDfBMm3PdEtxI741FO1iizh3qXqdl32KSALqctnQuhc8Zacp7sN5YIXbQGFpbMcscTk WRwNKV+2GOEi307tjokPq0rnX+L3KCufaKoK5Dm2yGsBXLeGpGzrx0TPCQGX1rabcsLm TT3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=yOXh8MnnriB32nyq3WLpHBT/d5zMrCSe8+CcXwZa9Oo=; b=ClcpYn1c8/uaqSv2ZAA41UOsVYWht6f10/1PBEE2XmtaFtH0O2E6bdjNWwCVQlVGKY PBEGBSA1+V+8zgSGXxJ04xcDVjcdt7vfcFEh3q/GnnIIXeChm0OY66LBaEmcvfbTXkR7 67rq7yiVy7nH4VPEQByiGaSqFFSwBrpLoItlDe2EN276+KWvxM5PBSBF24vidyqyz/TP jcmfO3rcWQLGLqu3d/W+bY292tVUG7btaHumUh7vvT1aKwPVjWs+I2oX7DQyMR3HHPFl yuM9hCLj4KdqrtEW2ULcISzIwpZ3lbBN9xg4bpMGpba/hvOrZhcmmg+upQ0f9QOQwEvH chjQ==
X-Gm-Message-State: AIVw111AvvpzG4RSMTkVIlc+aX2IDwln+siYuztP0gxftuXzo1oaeptq EQremnoK6safU3lJwRwgkX5lggIJBjoo
X-Received: by 10.202.199.138 with SMTP id x132mr15100487oif.52.1501584552353; Tue, 01 Aug 2017 03:49:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.74.47.5 with HTTP; Tue, 1 Aug 2017 03:48:51 -0700 (PDT)
In-Reply-To: <05e469cf-1325-89fc-4a81-661f8647e869@eff.org>
References: <05e469cf-1325-89fc-4a81-661f8647e869@eff.org>
From: Mike West <mkwst@google.com>
Date: Tue, 1 Aug 2017 12:48:51 +0200
Message-ID: <CAKXHy=ctB=LZkX9j=8-Jy0NkTAs2tAesa4gmFhfp94O5=9U4TA@mail.gmail.com>
To: Jacob Hoffman-Andrews <jsha@eff.org>
Cc: dnsop WG <dnsop@ietf.org>, Suzanne Woolf <suzworldwide@gmail.com>, Richard Barnes <rlb@ipv.sx>, John R Levine <johnl@taugh.com>
Content-Type: multipart/alternative; boundary="001a11c18044d883fe0555aee59e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/tJmOPXq7ZU8yPTE2KFxHUMhQIvI>
Subject: Re: [DNSOP] Status of "let localhost be localhost"?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Aug 2017 10:49:15 -0000

Hey Jacob, thanks for flagging this! I'm also interested in getting this
draft moving again, and I'm willing to poke at it in whatever ways the
group's happy with.

The only open issue I know of is some discussion in the thread at
https://www.ietf.org/mail-archive/web/dnsop/current/msg18690.html that I
need help synthesizing into the draft. I don't know enough about the
subtleties here to have a strong opinion, and I'm happy to accept the
consensus of the group.

Coincidentally, I raised the draft again briefly with a few folks in Prague
(CC'd here), and I'm hoping for some feedback about reasonable next steps.

-mike

On Tue, Aug 1, 2017 at 1:17 AM, Jacob Hoffman-Andrews <jsha@eff.org> wrote:

> Hi,
>
> I'm interested in seeing
> https://tools.ietf.org/html/draft-west-let-localhost-be-localhost-03
> move from draft status to become a standard. In particular, it would
> allow browsers to start treating "localhost" as a secure context, which
> would reduce attempts by application developers to abuse the public Web
> PKI in order to issue certificates for localhost, which harms security.
> See:
>
> https://groups.google.com/d/msg/mozilla.dev.security.policy/T6emeoE-lCU/-k-A2dEdAQAJ
> https://groups.google.com/d/msg/mozilla.dev.security.policy/eV89JXcsBC0/wsj5zpbbAQAJ
>
> What further steps are needed to move this draft along, and how can I help?
>
> Thanks,
> Jacob
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
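As an added example (not part of this thread, and not code from the draft or from any browser), the rule the draft describes, in Python: a resolver shim that answers loopback for "localhost" and any name under ".localhost" without ever consulting upstream DNS, and a secure-context check that can treat http://localhost as trustworthy only because that shim guarantees the name never leaves the host. The upstream resolver and its answers below are constructed stand-ins, not real DNS data; the function and variable names are this example's own.

```python
import ipaddress
from typing import Callable, List
from urllib.parse import urlsplit

# Addresses a localhost name must resolve to, per the draft's rule.
LOOPBACK_ANSWERS = ["127.0.0.1", "::1"]

Upstream = Callable[[str], List[str]]


def is_localhost_name(host: str) -> bool:
    """'localhost' or any name ending in '.localhost', case-insensitive,
    with an optional trailing dot. 'localhost.example.com' does not match."""
    name = host.rstrip(".").lower()
    if not name:
        return False
    return name == "localhost" or name.endswith(".localhost")


def resolve(host: str, upstream: Upstream) -> List[str]:
    """Resolve `host`. Localhost names are answered locally with loopback
    and never reach `upstream`, so a misconfigured or hostile resolver
    cannot redirect them to a non-loopback address."""
    if is_localhost_name(host):
        return list(LOOPBACK_ANSWERS)
    return upstream(host)


def is_loopback_literal(host: str) -> bool:
    """True for an IP literal in a loopback range (127.0.0.0/8 or ::1)."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def origin_is_potentially_trustworthy(url: str, upstream: Upstream) -> bool:
    """Secure-context style check: TLS origins are trustworthy; plain http
    is trustworthy only if the host is a loopback literal or a localhost
    name, and the localhost case is sound only because resolve() pins
    such names to loopback. This is a simplified model, not a browser's
    full algorithm."""
    parts = urlsplit(url)
    if parts.scheme in ("https", "wss"):
        return True
    if parts.scheme not in ("http", "ws"):
        return False
    host = parts.hostname or ""
    if is_loopback_literal(host):
        return True
    if not is_localhost_name(host):
        return False
    # Belt and braces: confirm the resolver shim really answers loopback.
    return all(is_loopback_literal(a) for a in resolve(host, upstream))


# Constructed upstream resolver: note it has been (mis)configured to hand
# out a public address for "localhost". The shim above must ignore that.
FAKE_ZONE = {
    "localhost": ["203.0.113.5"],
    "example.com": ["198.51.100.7"],
}


def fake_upstream(host: str) -> List[str]:
    return list(FAKE_ZONE.get(host.rstrip(".").lower(), []))


if __name__ == "__main__":
    for name in ("localhost", "DEV.localhost.", "localhost.example.com", "example.com"):
        print(f"{name:24s} -> {resolve(name, fake_upstream)}")
    for url in ("http://localhost:8080/", "http://[::1]/", "http://localhost.example.com/"):
        print(f"{url:32s} trustworthy={origin_is_potentially_trustworthy(url, fake_upstream)}")
```

The point of routing every localhost lookup through `resolve()` rather than the system resolver is the one the draft makes: a browser can only call http://localhost a secure context if no DNS answer, hosts-file entry, or captive portal can make that name mean anything other than the local machine.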