In article <> 
you write:
>In the case where 'localhost' is being passed to DNS resolution software, a
>validating stub (for example inside a web browser) needs a way to know that
>the 'localhost' TLD should be treated as insecure.  In that case, the only
>way to accomplish that is ...

 ... by having the stub or cache treat localhost as a special case.

I use unbound as my cache which as far as I know has always done that.
Are there caches that don't?  Are there validating stubs that don't?

My reading of this draft is that if you don't treat localhost as a
special case already, it's time to get with the program.  


> with an insecure delegation at the root.

DNSOP mailing list

Reply via email to