[DNSOP] Status of "let localhost be localhost"?

Jacob Hoffman-Andrews <jsha@eff.org> Mon, 31 July 2017 23:17 UTC

Return-Path: <jsha@eff.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 601991270B4 for <dnsop@ietfa.amsl.com>; Mon, 31 Jul 2017 16:17:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.002
X-Spam-Level:
X-Spam-Status: No, score=-7.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=eff.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ErjYszYh417z for <dnsop@ietfa.amsl.com>; Mon, 31 Jul 2017 16:17:40 -0700 (PDT)
Received: from mail2.eff.org (mail2.eff.org [173.239.79.204]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 387A31243F6 for <dnsop@ietf.org>; Mon, 31 Jul 2017 16:17:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org; s=mail2; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date:Message-ID:Subject:From:To; bh=fkfBWcLYk+dGOJdTLgchIoDBP+5lLQCD9BLsreOsXwQ=; b=mbjKdy76B25aqYcNpo5JmJk6RXr1DEN2oJkho9fp5t0Ts+gfOuMsMi5vUfWbx6U7bNGjNo0Ru5ewU0qYKRmIHjqxjGEvtFxaeBL7SCoyQ4DcY9qk6/KhpmSnz1Hey0zHfspPXHy4ugrMRrtAf2ALhuAu0DIdTJ4O+PP0PcqPMNo=;
Received: ; Mon, 31 Jul 2017 16:17:38 -0700
To: dnsop WG <dnsop@ietf.org>
From: Jacob Hoffman-Andrews <jsha@eff.org>
Message-ID: <05e469cf-1325-89fc-4a81-661f8647e869@eff.org>
Date: Mon, 31 Jul 2017 16:17:39 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Received-SPF: skipped for local relay
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/vTLRG1r2U3p3viy78ZzVZEshlqA>
Subject: [DNSOP] Status of "let localhost be localhost"?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jul 2017 23:17:42 -0000

Hi,

I'm interested in seeing
https://tools.ietf.org/html/draft-west-let-localhost-be-localhost-03
move from draft status to become a standard. In particular, it would
allow browsers to start treating "localhost" as a secure context, which
would reduce attempts by application developers to abuse the public Web
PKI in order to issue certificates for localhost, which harms security. See:

https://groups.google.com/d/msg/mozilla.dev.security.policy/T6emeoE-lCU/-k-A2dEdAQAJ
https://groups.google.com/d/msg/mozilla.dev.security.policy/eV89JXcsBC0/wsj5zpbbAQAJ

What further steps are needed to move this draft along, and how can I help?

Thanks,
Jacob