[Settle] Re: Firefox and local network access

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 18 February 2026 22:12 UTC

Paul Wouters <paul=40nohats.ca@dmarc.ietf.org> wrote:
    > There was a talk at fosdem by Sunil Mayya that relates to security of local network resources in the browser:

    > This talk presents Local Network Access (LNA) standards and how it
    > addresses similar threats and helps fix long standing security
    > vulnerabilities with localhost and local network devices. The talk
    > explains the LNA specification and how it categorizes network requests
    > into public, local, and loopback address spaces, requiring explicit
    > user permission when websites access more private network zones. The
    > presentation covers Firefox's implementation, key differences from
    > Chrome's approach, real-world deployment challenges and mitigations.

This was very interesting, thank you for sharing it.
FOSDEM is so big, you can never see more than 10%.

I reached out to Sunil to tell him about SETTLE.
One of his slides suggests that there is malware out there that attacks home
routers from the inside, presumably http to default route, login admin/admin.
I've figured such things were coming, but I was unaware that it was already here.

    > https://fosdem.org/2026/schedule/event/QCSKWL-firefox-local-network-access/


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
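
Added example, not part of the original message and not Firefox's or Chrome's code: a sketch of the check the quoted abstract describes, sorting addresses into public, local and loopback spaces and flagging requests that reach into a more private space. The range lists, function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Address spaces ordered from least to most private, as in the talk abstract.
PUBLIC, LOCAL, LOOPBACK = 0, 1, 2
NAMES = {PUBLIC: "public", LOCAL: "local", LOOPBACK: "loopback"}

# Assumed range lists (not taken from the message).
LOOPBACK_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]


def _in_any(ip, nets):
    return any(ip.version == n.version and ip in n for n in nets)


def address_space(addr):
    """Return PUBLIC, LOCAL or LOOPBACK for a textual IP address."""
    ip = ipaddress.ip_address(addr)
    # Classify an IPv4-mapped IPv6 address by its embedded IPv4 address,
    # otherwise ::ffff:192.168.1.1 would be treated as public.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if _in_any(ip, LOOPBACK_NETS):
        return LOOPBACK
    if _in_any(ip, LOCAL_NETS):
        return LOCAL
    return PUBLIC


def needs_permission(initiator_addr, target_addr):
    """True when the target sits in a more private space than the initiator."""
    return address_space(target_addr) > address_space(initiator_addr)


# Constructed (page server address, request target address) pairs.
SAMPLE_REQUESTS = [
    ("203.0.113.10", "192.168.1.1"),         # public page -> home router
    ("203.0.113.10", "127.0.0.1"),           # public page -> loopback service
    ("192.168.1.20", "192.168.1.1"),         # local page -> local device
    ("203.0.113.10", "::ffff:192.168.1.1"),  # IPv4-mapped form of the router
]

if __name__ == "__main__":
    for src, dst in SAMPLE_REQUESTS:
        verdict = "prompt user" if needs_permission(src, dst) else "allow"
        print(f"{src} ({NAMES[address_space(src)]}) -> "
              f"{dst} ({NAMES[address_space(dst)]}): {verdict}")
```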