Re: [DNSOP] Call for Adoption: draft-huston-kskroll-sentinel

2017-11-27 Thread Richard Barnes
or a better authoritative/resolver telemetry > interface, not some client-side thing. > > > > On Mon, Nov 27, 2017 at 1:10 PM, Richard Barnes wrote: > > George, you should know better than to claim that a mechanism that > requires resolver updates will have "immediat

Re: [DNSOP] Call for Adoption: draft-huston-kskroll-sentinel

2017-11-27 Thread Richard Barnes
Well, that's what I get for providing drive-by feedback. Someone pointed me off-list to RFC 8145 and the operational issues with that. I still think that that calls for a better authoritative/resolver telemetry interface, not some client-side thing. On Mon, Nov 27, 2017 at 1:10 PM, Ri

Re: [DNSOP] Call for Adoption: draft-huston-kskroll-sentinel

2017-11-27 Thread Richard Barnes
George, you should know better than to claim that a mechanism that requires resolver updates will have "immediate benefit" :) I do not find this mechanism terribly compelling. It is not useful in the short run, as noted above. And it has the wrong architecture for the long run. What zone operat

Re: [DNSOP] `localhost` and DNS.

2017-11-15 Thread Richard Barnes
On Thu, Nov 16, 2017 at 5:05 AM, Ted Lemon wrote: > On Nov 15, 2017, at 10:51 PM, Mike West wrote: > > Skimming through the recording of Monday's meeting > > (starting > at around 53:56), it sounds to me as though the

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread Richard Barnes
On Tue, Sep 12, 2017 at 8:54 AM, Tony Finch wrote: > Paul Vixie wrote: > > > > while i've generally included a localhost.$ORIGIN A RR in zones that > appear in > > my stub resolver search lists, in order that "localhost" be found, > > I agree with the rest of your message but I want to highlight

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-06 Thread Richard Barnes
I am strongly in support of the WG adopting this draft. It will allow applications to deliver a better developer experience and higher security. As Ted notes, there is a possibility of breakage. If something on a host is relying on an external resolver to provide localhost resolution in accordan

Re: [DNSOP] Localhost - more reliable options?

2017-08-18 Thread Richard Barnes
Sorry, but point of order: We have a solution that entails a minimal change from the current state of the art and minimal incremental security risk. Let's not re-open fundamental questions, please. On Thu, Aug 17, 2017 at 6:22 PM, Brian Dickson < brian.peter.dick...@gmail.com> wrote: > The discus

Re: [DNSOP] Status of "let localhost be localhost"?

2017-08-12 Thread Richard Barnes
On Sat, Aug 12, 2017 at 2:36 PM, Paul Hoffman wrote: > On 12 Aug 2017, at 10:14, Ted Lemon wrote: > > On 12 Aug 2017, at 13:09, John Levine wrote: >> >>> Right. That's why it's long past time that we make it clear that >>> non-broken resolvers at any level will treat localhost as a spec

Re: [DNSOP] Status of "let localhost be localhost"?

2017-08-02 Thread Richard Barnes
On Wed, Aug 2, 2017 at 4:27 PM, Ted Lemon wrote: > On Aug 2, 2017, at 2:02 PM, Robert Edmonds wrote: > > draft-west-let-localhost-be-localhost-03 upgrades the requirements in > RFC 6761 §6.3 to make them much stricter, for all applications, > converting SHOULDs to MUSTs, etc. So we're not arguin

Re: [DNSOP] Status of "let localhost be localhost"?

2017-08-02 Thread Richard Barnes
On Wed, Aug 2, 2017 at 9:18 AM, Richard Barnes wrote: > > > On Wed, Aug 2, 2017 at 9:10 AM, Ted Lemon wrote: > >> On Aug 2, 2017, at 9:02 AM, Richard Barnes wrote: >> >> But of course having IP addresses in URLs is both a PITA for developers >>

Re: [DNSOP] Status of "let localhost be localhost"?

2017-08-02 Thread Richard Barnes
On Wed, Aug 2, 2017 at 9:34 AM, Joe Abley wrote: > Hi Mike, > > On Aug 2, 2017, at 09:54, Mike West wrote: > > What would you like to see in the document in order to address this > concern? A requirement that a `localhost` zone be created and delegated as > an insecure delegation, using some of

Re: [DNSOP] Status of "let localhost be localhost"?

2017-08-02 Thread Richard Barnes
On Wed, Aug 2, 2017 at 9:10 AM, Ted Lemon wrote: > On Aug 2, 2017, at 9:02 AM, Richard Barnes wrote: > > But of course having IP addresses in URLs is both a PITA for developers > and an anti-pattern more generally. > > > While true, I would argue that this is actually

Re: [DNSOP] Status of "let localhost be localhost"?

2017-08-02 Thread Richard Barnes
On Wed, Aug 2, 2017 at 8:48 AM, Ted Lemon wrote: > On Aug 2, 2017, at 8:40 AM, Richard Barnes wrote: > > The underlying need here is that application software would like to make > use of the fact that it is connecting to "localhost" (vs. other domain > names) to make se

Re: [DNSOP] Status of "let localhost be localhost"?

2017-08-02 Thread Richard Barnes
On Wed, Aug 2, 2017 at 6:39 AM, william manning wrote: > localhost is just a string, like www or mail or supralingua. A DNS > operator may > choose to map any given string to any given IP address. restricting ::1 > so that it never leaves > the host is pretty straightforward. if I map localh

Re: [DNSOP] Last Call: (The .onion Special-Use Domain Name) to Proposed Standard

2015-07-17 Thread Richard Barnes
On Fri, Jul 17, 2015 at 4:20 PM, Eliot Lear wrote: > I have no particular objection to the concept here, but I do have a > question about one sentence in the draft. Section 1 states: >>Like Top-Level Domain Names, .onion addresses can have an arbitrary >>number of subdomain components. T

Re: [DNSOP] Last Call: (The .onion Special-Use Domain Name) to Proposed Standard

2015-07-16 Thread Richard Barnes
On Thu, Jul 16, 2015 at 12:44 AM, Joe Hildebrand wrote: > On 15 Jul 2015, at 5:37, David Conrad wrote: > >> I try to be pragmatic. Given I do not believe that refusing to put ONION >> in the special names registry will stop the use of .ONION, the size of the >> installed base of TOR implementation

Re: [DNSOP] Last Call: (The .onion Special-Use Domain Name) to Proposed Standard

2015-07-15 Thread Richard Barnes
On Wed, Jul 15, 2015 at 5:52 PM, Hugo Maxwell Connery wrote: > Or to re-quote Paul Vixie: > > what the internet should be doing is defining escape mechanisms for > non-internet systems, rather than saying "we are the only thing you can > use" > > RFC 6761 is that mechanism for DNS. Nice summary.

Re: [DNSOP] More after onion? was Re: Some distinctions and a request

2015-07-01 Thread Richard Barnes
On Wed, Jul 1, 2015 at 2:54 PM, Edward Lewis wrote: > On 7/1/15, 14:26, "Richard Barnes" wrote: > >>We do our best work when we do engineering, not rule-making. Let's >>engineer a solution here that's more appealing than squatting. For my >>money,

Re: [DNSOP] More after onion? was Re: Some distinctions and a request

2015-07-01 Thread Richard Barnes
On Wed, Jul 1, 2015 at 2:23 PM, Warren Kumari wrote: > On Wed, Jul 1, 2015 at 10:08 AM, Suzanne Woolf wrote: >> Ed, >> >> First-- apologies for the misunderstanding. >> >> On Jul 1, 2015, at 9:53 AM, Edward Lewis wrote: >>> >>> Trying to be more clear, I have in the past imagined that today some

Re: [DNSOP] Adoption and Working Group Last Call for draft-appelbaum-dnsop-onion-tld

2015-05-23 Thread Richard Barnes
tl;dr: Ship it. On adoption: I agree that we should adopt this document. On WGLC: I have reviewed this document, and I think it's generally in fine shape to send to the IESG. I have included a few comments below, but they're mostly editorial. The only issue of any substance is that I would pref

Re: [DNSOP] Adoption and Working Group Last Call for draft-appelbaum-dnsop-onion-tld

2015-05-23 Thread Richard Barnes
On Thu, May 21, 2015 at 3:20 PM, John R Levine wrote: > It would be a shame for them to nitpick the rules because "special purpose >> namespace" != "TLD"? >> > > Is the CAB really likely to waste its time on that? I don't know them, I > have no idea. I'd hope they had better things to worry abo

Re: [DNSOP] A comparison of IANA Considerations for .onion

2015-05-12 Thread Richard Barnes
On Tue, May 12, 2015 at 9:34 AM, Tom Ritter wrote: > On 12 May 2015 at 07:23, Andrew Sullivan wrote: > > If the Tor Browser has its own resolver that is used just by it and > > that is not a separate service installed with the expectation that > > other clients will use it, then it seems to me t

Re: [DNSOP] A comparison of IANA Considerations for .onion

2015-05-12 Thread Richard Barnes
On Tue, May 12, 2015 at 9:17 AM, hellekin wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 05/12/2015 09:23 AM, Andrew Sullivan wrote: > > > > Is your complaint that appelbaum-dnsop-onion reads to you as though > > such special applications are the only way to do this? If so, th

Re: [DNSOP] A comparison of IANA Considerations for .onion

2015-05-11 Thread Richard Barnes
On Mon, May 11, 2015 at 7:21 PM, Alec Muffett wrote: > Hi Hellekin! > > >Since Alec Muffett seems to have better things to do > > I'm sorry if you've been waiting for my input - I am not the primary > author of the document; Jacob Appelbaum's name is in the document's > title for a good reason,

Re: [DNSOP] discussion for draft-appelbaum-dnsop-onion-tld-00.txt

2015-03-17 Thread Richard Barnes
On Tue, Mar 17, 2015 at 9:11 PM, Andrew Sullivan wrote: > On Tue, Mar 17, 2015 at 12:59:25PM -0400, Richard Barnes wrote: > > > > > > > >If an application does not implement tor, and is not tor aware, it > > > >_will_ do a DNS lookup. You can't reall

Re: [DNSOP] discussion for draft-appelbaum-dnsop-onion-tld-00.txt

2015-03-17 Thread Richard Barnes
Not being on DNSOP, I may be missing context here, but this exchange jumped out at me as especially wrong: > Applications that do not implement the Tor protocol > > SHOULD generate an error upon the use of .onion, and SHOULD NOT > > perform a DNS lookup. > > > >If an application