IETF Logo Mail Archive

Re: I-D Action: draft-west-let-localhost-be-localhost-00.txt

Mike West <mkwst@google.com> Tue, 27 September 2016 08:16 UTC

Return-Path: <mkwst@google.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F200512B406 for <ietf@ietfa.amsl.com>; Tue, 27 Sep 2016 01:16:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.016
X-Spam-Level:
X-Spam-Status: No, score=-5.016 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-2.316, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qvpgH4J5u9pN for <ietf@ietfa.amsl.com>; Tue, 27 Sep 2016 01:16:32 -0700 (PDT)
Received: from mail-lf0-x233.google.com (mail-lf0-x233.google.com [IPv6:2a00:1450:4010:c07::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 214E312B3FF for <ietf@ietf.org>; Tue, 27 Sep 2016 01:16:32 -0700 (PDT)
Received: by mail-lf0-x233.google.com with SMTP id l131so13887523lfl.2 for <ietf@ietf.org>; Tue, 27 Sep 2016 01:16:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=c7cEneU4lcaqbmzvLfKYoiDd6m/HytIH5SF/S8iMCZo=; b=Av55mO/7u5vlkbJ0B+/3sPWIU30NEnQVZ9PpXapytN2a5pHCP3PMlbEucYIKjtOUHF mHA1F/B8InxihgSkdRzEvsTe2kX84W+URrEcciSK3ovmbHPubwS0ptE5ljKvcJtahncZ 6oT9GzICs4WCeTss+JWKjZiomJN8B7RbcJCJInZNODeQTgOd0ImbaS+FmiklnC8pCKGS 61GnFuQBV6jdtfRi/8c95e04VIlJwUkQ6gxeXE0ivGw0hSsVKadL8L3gZ0xZapyRzsXs U7S8ujaE0VH2mj1edV9VwLbJ66QZcIQvV02tiLs94P5wnrYlOAtDQyec9pzpxQl96Ge8 NuJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=c7cEneU4lcaqbmzvLfKYoiDd6m/HytIH5SF/S8iMCZo=; b=N37h/davEZZl8ipFvo7xLepzt4zix2W4kJtHxLlBIHZIPn9C/BwMCAoXDetuo+IbPc 0U/bwmFsgIfqoC+zN+4XG3OYYd2NiRFcTsREF66bfly9c62VRDJvl7jzFdPDWTwasjpa c35w8da5Ls5r8x9oQHv1b08r3qeUIV3Hcueg11RevtoUMKmYQWZuu0Yg9AgF8gNDBuEc vC/mDNwwbDg3vJXW0zILbcCCZa6eGQRr/EJcyHN2UR2srGx5rrSO16Ht5hqI1n6OQeAU zZW2hfZyZrpPrellkoZ9qd/v0EVSVflX0WkXdd/73psm7t56bjzwxWabLhr3GJjIm3T5 /vvQ==
X-Gm-Message-State: AE9vXwOUDrHokRNnjF/tj2NBQn4dvsWRGe8Ij14AC0vk/uajfLCMq2XOqFn5enbXqylTnlO/0gLv+iUehFNHfWPi
X-Received: by 10.25.7.213 with SMTP id 204mr9703624lfh.119.1474964188972; Tue, 27 Sep 2016 01:16:28 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.25.221.139 with HTTP; Tue, 27 Sep 2016 01:16:08 -0700 (PDT)
In-Reply-To: <20160926233938.k5nsfgxxhpoqzzbk@emily-tablet>
References: <147492207250.5121.3453453957391816595.idtracker@ietfa.amsl.com> <20160926233938.k5nsfgxxhpoqzzbk@emily-tablet>
From: Mike West <mkwst@google.com>
Date: Tue, 27 Sep 2016 10:16:08 +0200
Message-ID: <CAKXHy=fCoQPb4EJ2aS9Lfj6yKM-HotjhO_VsPk2PDeFATxpGdg@mail.gmail.com>
Subject: Re: I-D Action: draft-west-let-localhost-be-localhost-00.txt
To: Emily Shepherd <emily@emilyshepherd.me>
Content-Type: multipart/alternative; boundary="001a113eb5408ad08b053d78dc57"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/aks8xbOwDa0W3svrhXbVs5CPzUM>
Cc: draft-west-let-localhost-be-localhost@ietf.org, ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2016 08:16:34 -0000

Thanks for your feedback, Emily!

On Tue, Sep 27, 2016 at 1:39 AM, Emily Shepherd <emily@emilyshepherd.me>
wrote:

> As this proposal is in the name of consistency, is there an argument we
> should be strict and explicitly define *which* loopback address DNS servers
> must return when queried?
>

I was intentionally vague on that point, as one of the scenarios raised in
https://github.com/w3c/webappsec-secure-contexts/issues/43 was a developer
who was pointing `project1.localhost` to 127.0.0.1, and
`project2.localhost` to 127.0.0.2 in /etc/hosts (and presumably had a
server configured accordingly). It seems like that's a reasonable thing to
support. Any loopback address is fine with me.

Also, as a nit-picky caveat: might there be a special case worth
> considering when a system is running a caching DNS server locally? In that
> case, it could theoretically be acceptable for a name resolution API /
> library to forward on the request.
>
> 2.  Item #4 is changed to read as follows:
>>
>>     Caching DNS servers MUST recognize localhost names as special,
>>     and MUST NOT attempt to look up NS records for them, or otherwise
>>     query authoritative DNS servers in an attempt to resolve
>>     localhost names.  Instead, caching DNS servers
>>
>
> Are we missing a 'MUST,' on the end of that last line?


Yes. We are. Remind me to read drafts before uploading them. :)

I meant this to say something like "MUST generate an immediate negative
response."

-mike

v2.23.0 | Report a Bug | By Email