On Tue, Feb 6, 2018 at 1:17 PM, Ted Lemon <mel...@fugue.com> wrote:
> On Feb 5, 2018, at 11:58 PM, Lanlan Pan <abby...@gmail.com> wrote:
>
> If we decide to ban localhost.example,
>
>
> Nobody is proposing that we ban localhost.example.
>

Sorry for my poor English. I mean that in *5.2. 'localhost' labels in subdomains* <https://tools.ietf.org/html/draft-ietf-dnsop-let-localhost-be-localhost-02>, localhost.example.com. => localhost. (equal to ban it at DNS?)

*For example, even with a searchlist of "example.com" in place for a given network, the name "localhost" will not be resolved as "localhost.example.com." but as "localhost.", and "subdomain.localhost" will not be resolved as "subdomain.localhost.example.com." but as "subdomain.localhost.".*

> 1) how many security accidents have been caused by this "localhost.example", is
> it a serious security problem with low attack cost ?
>
>
> Every security exposure has zero attacks until it is first successfully
> attacked. Then the floodgates tend to open! :)
>

This flood prediction was published in 2008, :-)
http://seclists.org/bugtraq/2008/Jan/270

--
Best Regards
潘蓝兰 Pan Lanlan
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
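The search-list behaviour in the draft text quoted above can be modelled as follows. This is an added example, not part of the thread or of the draft; the function names and the simplified `ndots`-style ordering are assumptions made for illustration. It shows that the exemption changes only how the unqualified names "localhost" and "subdomain.localhost" are expanded, while an explicitly typed "localhost.example.com" is handled like any other name.

```python
# Simplified model of stub-resolver search-list expansion (assumption:
# resolv.conf-style ordering with ndots=1). Names here are hypothetical.

def is_localhost_name(name: str) -> bool:
    """True if the rightmost label is 'localhost' (localhost, *.localhost)."""
    labels = name.rstrip(".").lower().split(".")
    return labels[-1] == "localhost"


def candidates(name, search_list, exempt_localhost=True, ndots=1):
    """Return the fully qualified names a resolver would try, in order."""
    name = name.lower()
    if name.endswith("."):
        # Already absolute: the search list never applies.
        return [name]
    if exempt_localhost and is_localhost_name(name):
        # Behaviour from the quoted draft text: never append a search suffix.
        return [name + "."]
    absolute = name + "."
    searched = [f"{name}.{s.strip('.').lower()}." for s in search_list]
    # Names with at least `ndots` dots are tried as absolute first.
    if name.count(".") >= ndots:
        return [absolute] + searched
    return searched + [absolute]


if __name__ == "__main__":
    search = ["example.com"]  # constructed sample search list
    for n in ("localhost", "subdomain.localhost", "localhost.example.com", "www"):
        print(f"{n!r}")
        print("  without exemption:", candidates(n, search, exempt_localhost=False))
        print("  with exemption:   ", candidates(n, search))
```

Without the exemption, the first query for "localhost" goes to "localhost.example.com.", so whoever controls that record decides what the name resolves to; with it, only "localhost." is ever tried.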