On Jan 26, 2018, at 2:27 PM, 神明達哉 <[email protected]> wrote: > It's not clear to me, and either way I believe the draft should be > clearer on these points (see also my latest response to Petr. If the > intent of the draft is to prohibit any user customization, it should > explicitly say so (with, IMO, some more explanation); if the intent is > to allow such customization, I believe we should actually loosen it to > SHOULDs).
There was no clear intent at the beginning when this was an individual submission, but the discussion on the individual submission and on the call for adoption seemed to show a fairly strong consensus that looking up localhost using DNS is a significant security vulnerability, so MUST is the right language. Of course, I was part of that consensus, so I may be biased!
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
