Re: [DNSOP] Status of "let localhost be localhost"?

On Wed, Aug 9, 2017 at 12:31 PM, Stuart Cheshire wrote: > [*] If you think it’s stupid to suggest a host might not treat “127.0.0.1” > as meaning loopback, why is that any more stupid than suggesting that a > host might not treat “localhost” as meaning loopback? Both are just

Re: [DNSOP] [art] draft-ietf-dnsop-attrleaf

Hi, On Thu, Aug 03, 2017 at 03:36:24PM -0700, Dave Crocker wrote: > deal with that fully, in a single spec produced an especially confused > draft, roughly 10 years ago. I _think_ I may be one of the people who complained at the time, and if I recall correctly what Dave and I agreed about

Re: [DNSOP] Status of "let localhost be localhost"?

Stuart Cheshire wrote: > [*] If you think it’s stupid to suggest a host might not treat “127.0.0.1” as > meaning loopback, why is that any more stupid than suggesting that a host > might not treat “localhost” as meaning loopback? Both are just as arbitrary. As far as I can tell, "let 127.0.0.1

Re: [DNSOP] Status of "let localhost be localhost"?

On 09/08/2017 17:44, Ted Lemon wrote: > Of course, the real answer to this is that neither solution is > desirable. I've heard several people here say that if localhost were > "fixed" in an RFC, then the W3C could mark http connections to localhost > as secure, rather than insecure. This is

Re: [DNSOP] Status of "let localhost be localhost"?

I’m puzzled by much of this discussion. We want a way for an application to indicate that it wants a loopback connection to another port on the local host. People widely use “localhost” for this. But other people argue that a mere RFC can’t guarantee that a host doesn’t violate the assumption