On 12 Aug 2017, at 11:44, Richard Barnes wrote:

On Sat, Aug 12, 2017 at 2:36 PM, Paul Hoffman <paul.hoff...@vpnc.org> wrote:

On 12 Aug 2017, at 10:14, Ted Lemon wrote:

El 12 ag 2017, a les 13:09, John Levine <jo...@taugh.com> va escriure:

Right.  That's why it's long past time that we make it clear that
non-broken resolvers at any level will treat localhost as a special
case. As you may have heard, we are not the Network Police, but we do publish the occasional document telling people what to do if they want
to interoperate with the rest of the Internet.

With respect, John, the issue I raised here isn't interop. It's security.

It's security through interop. It's causing systems that want to hope that "localhost" has a particular meaning that has security implications to have
a better chance that their hope is fulfilled.

And giving systems that want to ensure that they never mistake "localhost" for something other than loopback to have a better chance that they won't
break things.

Sorry, yes: that too. It applies to hopefulness on both sides.

--Paul Hoffman

DNSOP mailing list

Reply via email to