Re: I-D Action: draft-west-let-localhost-be-localhost-00.txt

Mike West <mkwst@google.com> Thu, 17 November 2016 08:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/lEmjWSw-jvpHewwRp8aHR9eBDwk>

Sorry I missed this, Patrick. Responding inline:

On Fri, Sep 30, 2016 at 4:06 PM, Patrick McManus <pmcmanus@mozilla.com>
wrote:

> Hey Mike,
>
> A few thoughts, sadly mostly about process rather than merits. Sorry about
> that.
>
> 1] You've got HttpBis at the top of that document - but I don't think this
> is something httpbis would adopt (the word http does not appear anywhere
> else in the doc other than url references) as its scope is really about DNS
> libraries servers and registrars, not about the http protocol.
>

Yup. It was just part of the boilerplate I copied over from the cookie
drafts I'm working on. I agree that DNSOP seems like a better home, and I
don't intend to bring this draft to httpbis.


> 2] Given that this is about DNS libraries servers and registrars, don't
> you think this should be part of the DNSOP wg discussion?
>

Yup.

> 3] This seems to boil down to NEWRFC changes a bunch of RFC6761 SHOULD's to
> MUST's. Obviously publishing NEWRFC doesn't make anyone non-compliant with
> 6761, so how does this help in making you confident enough in
> localhost==127.0.0.1 to use that in secure contexts? i.e. what's the
> indication the name is resolved according to NEWRFC rules?
>

If only specifying something caused compliance! :)

I plan for Secure Contexts to say something like "A user agent MAY treat
localhost names as secure iff it conforms to the localhost name resolution
rules in let-localhost-be-localhost."


> 4] you say '"localhost names will always resolve to the respective IP
> loopback address". That suggestion, unfortunately, doesn't match reality.'
> but you don't provide any background. That reality will be intentionally
> prohibited by this document so I would like to understand the instances
> where this happens a little better, what they are accomplishing, etc...
> you've obviously got some examples. Thanks.
>

I'll add examples to the doc, thanks for the suggestion.

-mike
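
The question raised in points 3 and 4 of the thread (how a client can tell that a localhost name really resolves to loopback) can be checked directly, as in this added example, which is not part of the original message or of the draft. The function names and the constructed resolver answers are assumptions made for illustration.

```python
import ipaddress
import socket


def is_localhost_name(host):
    """True for "localhost" and names under ".localhost" (one trailing dot allowed)."""
    name = host[:-1] if host.endswith(".") else host
    labels = name.lower().split(".")
    return all(labels) and labels[-1] == "localhost"


def system_resolver(host):
    """Addresses the OS resolver returns (hosts file, DNS, search lists)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def audit_localhost(host, resolve=system_resolver):
    """Return (trustworthy, offending) for a localhost name.

    trustworthy is True only if the resolver answered and every answer is a
    loopback address (127.0.0.0/8 or ::1). offending lists the other answers.
    """
    if not is_localhost_name(host):
        raise ValueError(f"{host!r} is not a localhost name")
    try:
        answers = resolve(host)
    except OSError:  # includes socket.gaierror: no answer means no trust
        return False, []
    offending = [
        a for a in answers
        if not ipaddress.ip_address(a.split("%")[0]).is_loopback  # drop IPv6 zone id
    ]
    return bool(answers) and not offending, offending


# Constructed resolver answers (not real data): one well-behaved host and one
# where a localhost name has been pointed at a non-loopback address.
CONSTRUCTED_ANSWERS = {
    "localhost": ["127.0.0.1", "::1"],
    "app.localhost": ["127.0.0.1", "192.0.2.10"],
}


def constructed_resolver(host):
    return CONSTRUCTED_ANSWERS[host]


if __name__ == "__main__":
    for name in ("localhost", "app.localhost"):
        print(name, audit_localhost(name, resolve=constructed_resolver))
    print("system:", audit_localhost("localhost"))
```
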