On Sat, Aug 12, 2017 at 2:36 PM, Paul Hoffman <[email protected]> wrote:
> On 12 Aug 2017, at 10:14, Ted Lemon wrote: > > El 12 ag 2017, a les 13:09, John Levine <[email protected]> va escriure: >> >>> Right. That's why it's long past time that we make it clear that >>> non-broken resolvers at any level will treat localhost as a special >>> case. As you may have heard, we are not the Network Police, but we do >>> publish the occasional document telling people what to do if they want >>> to interoperate with the rest of the Internet. >>> >> >> With respect, John, the issue I raised here isn't interop. It's security. >> > > It's security through interop. It's causing systems that want to hope that > "localhost" has a particular meaning that has security implications to have > a better chance that their hope is fulfilled. And giving systems that want to ensure that they never mistake "localhost" for something other than loopback to have a better chance that they won't break things. --Richard
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
