On Sat, Aug 12, 2017 at 2:36 PM, Paul Hoffman <paul.hoff...@vpnc.org> wrote:

> On 12 Aug 2017, at 10:14, Ted Lemon wrote:
>
> El 12 ag 2017, a les 13:09, John Levine <jo...@taugh.com> va escriure:
>>
>>> Right.  That's why it's long past time that we make it clear that
>>> non-broken resolvers at any level will treat localhost as a special
>>> case.  As you may have heard, we are not the Network Police, but we do
>>> publish the occasional document telling people what to do if they want
>>> to interoperate with the rest of the Internet.
>>>
>>
>> With respect, John, the issue I raised here isn't interop.  It's security.
>>
>
> It's security through interop. It's causing systems that want to hope that
> "localhost" has a particular meaning that has security implications to have
> a better chance that their hope is fulfilled.


And giving systems that want to ensure that they never mistake "localhost"
for something other than loopback to have a better chance that they won't
break things.

--Richard
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to