I would argue that sunset4 doesn't have the depth of expertise to do this properly. That the issues are much more nuanced than the draft makes out.
I would argue that there needs to be the equivalent of a local DNS server for the zone localhost. More than A and AAAA records need to be able to be returned. I would argue that the root zone needs a insecure delegation for localhost. I would argue that the input string "localhost" needs to be treated as absolute. i.e. search lists don't apply. Mark In message <[email protected]>, "Marc Blanchet" writes: > On 17 Oct 2016, at 12:19, Erik Nygren wrote: > > > In the hopes of allowing devices to some day drop their IPv4 stacks, > > one > > thing we will need to keep an eye out for is any behavior that > > encourages > > hard-coding 127.0.0.1 or ::1 rather than using a "localhost" > > abstraction. > > In the W3C WebAppSec Secure Context discussion, there has been concern > > that > > "localhost" shouldn't be a "secure context" (unlike 127.0.0.1 and ::1) > > due > > to resolvers not always returning localhost. I worry that this could > > result in increased use of "127.0.0.1" (such as by web pages > > containing > > URLs instructing clients to talk to a localhost resource service). > > > > Mike West has written up a "let localhost be localhost" draft to cover > > this: > > > > https://tools.ietf.org/html/draft-west-let-localhost-be-localhost-02 > > > > I'm sure feedback is quite welcome (and I wonder if sunset4 might be > > one > > reasonable place to pick up this work?). > > interesting issue. It certainly relates to name resolution not behaving > the way it should. > > But yes, sunset4 make sense to pick up this work. > > would one of you two be in Seoul? If yes, we could carve up 5-10 minutes > in the agenda for that topic. > > Marc. > > > > > Some background: > > https://github.com/w3c/webappsec-secure-contexts/issues/43 > > > > - Erik > > > > _______________________________________________ > > sunset4 mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/sunset4 > > _______________________________________________ > sunset4 mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/sunset4 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ sunset4 mailing list [email protected] https://www.ietf.org/mailman/listinfo/sunset4
