On 13 Nov 2016, at 6:52, Eric Vyncke (evyncke) wrote:

Mark,

Do you plan to attend the Sunset4 meeting on Thursday?

Your valuable input will be welcome, and, I partially agree that SUNSET4
is not the only place where the expertise lies in this issue.

Let's look at this issue (where is the best place) later. I think it is relevant to sunset4 as it is within the problem space that sunset4 is tackling.

Marc.


And, finally I agree with you that 'localhost' should/must be the same as
'localhost.'

-éric

On 18/10/16 01:53, "sunset4 on behalf of Mark Andrews"
<sunset4-boun...@ietf.org on behalf of ma...@isc.org> wrote:


I would argue that sunset4 doesn't have the depth of expertise to
do this properly.  That the issues are much more nuanced than the
draft makes out.

I would argue that there needs to be the equivalent of a local DNS
server for the zone localhost.  More than A and AAAA records need
to be able to be returned.

I would argue that the root zone needs an insecure delegation for
localhost.

I would argue that the input string "localhost" needs to be treated
as absolute.  i.e. search lists don't apply.

Mark

In message <9d1c5c76-417a-4af4-9fb0-8354fa8b5...@viagenie.ca>, "Marc
Blanchet" writes:
On 17 Oct 2016, at 12:19, Erik Nygren wrote:

In the hopes of allowing devices to some day drop their IPv4 stacks,
one thing we will need to keep an eye out for is any behavior that
encourages hard-coding 127.0.0.1 or ::1 rather than using a
"localhost" abstraction. In the W3C WebAppSec Secure Context
discussion, there has been concern that "localhost" shouldn't be a
"secure context" (unlike 127.0.0.1 and ::1) due to resolvers not
always returning localhost. I worry that this could result in
increased use of "127.0.0.1" (such as by web pages containing URLs
instructing clients to talk to a localhost resource service).

Mike West has written up a "let localhost be localhost" draft to
cover this:

https://tools.ietf.org/html/draft-west-let-localhost-be-localhost-02

I'm sure feedback is quite welcome (and I wonder if sunset4 might be
one reasonable place to pick up this work?).

Interesting issue. It certainly relates to name resolution not behaving
the way it should.

But yes, sunset4 makes sense to pick up this work.

Would one of you two be in Seoul? If yes, we could carve up 5-10
minutes in the agenda for that topic.

Marc.


Some background:
https://github.com/w3c/webappsec-secure-contexts/issues/43

- Erik


_______________________________________________
sunset4 mailing list
sunset4@ietf.org
https://www.ietf.org/mailman/listinfo/sunset4

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
