In article <CAAiTEH9=RNDrUmSOs8Rg2Ea4+as9pg=j5jnU6Y=nc8a4z1a...@mail.gmail.com>
>In the case where 'localhost' is being passed to DNS resolution software, a
>validating stub (for example inside a web browser) needs a way to know that
>the 'localhost' TLD should be treated as insecure. In that case, the only
>way to accomplish that is ...
... by having the stub or cache treat localhost as a special case.
I use unbound as my cache which as far as I know has always done that.
Are there caches that don't? Are there validating stubs that don't?
My reading of this draft is that if you don't treat localhost as a
special case already, it's time to get with the program.
> with an insecure delegation at the root.
DNSOP mailing list