I’m puzzled by much of this discussion.
We want a way for an application to indicate that it wants a loopback
connection to another port on the local host.
People widely use “localhost” for this.
But other people argue that a mere RFC can’t guarantee that a host doesn’t
violate the assumption
On Wed, Aug 9, 2017 at 12:31 PM, Stuart Cheshire wrote:
> [*] If you think it’s stupid to suggest a host might not treat “127.0.0.1”
> as meaning loopback, why is that any more stupid than suggesting that a
> host might not treat “localhost” as meaning loopback? Both are just as
> arbitrary.
Th
Stuart Cheshire wrote:
> [*] If you think it’s stupid to suggest a host might not treat “127.0.0.1” as
> meaning loopback, why is that any more stupid than suggesting that a host
> might not treat “localhost” as meaning loopback? Both are just as arbitrary.
As far as I can tell, "let 127.0.0.1 b
On 09/08/2017 17:44, Ted Lemon wrote:
> Of course, the real answer to this is that neither solution is
> desirable. I've heard several people here say that if localhost were
> "fixed" in an RFC, then the W3C could mark http connections to localhost
> as secure, rather than insecure. This is
Hi,
On Thu, Aug 03, 2017 at 03:36:24PM -0700, Dave Crocker wrote:
> deal with that fully, in a single spec produced an especially confused
> draft, roughly 10 years ago.
I _think_ I may be one of the people who complained at the time, and
if I recall correctly what Dave and I agreed about (maybe
