In article <CAKXHy=chbyfempmdtk-tjmkzdl3oeodjdyujxuk2-qh4e5h...@mail.gmail.com> you write:
>2. I know I don't have enough expertise in this area to make an informed
>decision, and smart folks on this thread and elsewhere have told me that an
>insecure delegation would be better than status-quo. I added
>https://tools.ietf.org/html/draft-west-let-localhost-be-localhost-05#section-4.2
>to the document on that basis.

The problem with asking for an insecure root delegation is that the IETF has no process for putting anything in the root. In principle we could work something out with ICANN, but that process would take somewhere between a very very long time and forever. It is likely to be hijacked by other people who also want special treatment for their pet TLDs, which is why my estimate would be closer to forever.

So my inclination would be to say that localhost lookups that reach the root will get a secure NXDOMAIN, which one could take as a hint that it's time to update the stubs and caches that let the query leak.

We don't have to work this out now, we can adopt the document and figure out what to fix later.

R's,
John

PS: For anyone who was going to say what about .ARPA, it was in the root a long time before ICANN existed.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop