Mark,

Do you plan to attend the Sunset4 meeting on Thursday?

Your valuable input will be welcome, and, I partially agree that SUNSET4 is
not the only place where the expertise lies in this issue.

And, finally I agree with you that 'localhost' should/must be the same as
'localhost.'

-éric

On 18/10/16 01:53, "sunset4 on behalf of Mark Andrews" <[email protected] on behalf of [email protected]> wrote:

>
>I would argue that sunset4 doesn't have the depth of expertise to
>do this properly. That the issues are much more nuanced than the
>draft makes out.
>
>I would argue that there needs to be the equivalent of a local DNS
>server for the zone localhost. More than A and AAAA records need
>to be able to be returned.
>
>I would argue that the root zone needs an insecure delegation for
>localhost.
>
>I would argue that the input string "localhost" needs to be treated
>as absolute. i.e. search lists don't apply.
>
>Mark
>
>In message <[email protected]>, "Marc Blanchet" writes:
>> On 17 Oct 2016, at 12:19, Erik Nygren wrote:
>>
>> > In the hopes of allowing devices to some day drop their IPv4 stacks, one
>> > thing we will need to keep an eye out for is any behavior that encourages
>> > hard-coding 127.0.0.1 or ::1 rather than using a "localhost" abstraction.
>> > In the W3C WebAppSec Secure Context discussion, there has been concern that
>> > "localhost" shouldn't be a "secure context" (unlike 127.0.0.1 and ::1) due
>> > to resolvers not always returning localhost. I worry that this could
>> > result in increased use of "127.0.0.1" (such as by web pages containing
>> > URLs instructing clients to talk to a localhost resource service).
>> >
>> > Mike West has written up a "let localhost be localhost" draft to cover
>> > this:
>> >
>> > https://tools.ietf.org/html/draft-west-let-localhost-be-localhost-02
>> >
>> > I'm sure feedback is quite welcome (and I wonder if sunset4 might be one
>> > reasonable place to pick up this work?).
>>
>> interesting issue. It certainly relates to name resolution not behaving
>> the way it should.
>>
>> But yes, sunset4 makes sense to pick up this work.
>>
>> would one of you two be in Seoul? If yes, we could carve up 5-10 minutes
>> in the agenda for that topic.
>>
>> Marc.
>>
>> >
>> > Some background:
>> > https://github.com/w3c/webappsec-secure-contexts/issues/43
>> >
>> > - Erik
>>
>> > _______________________________________________
>> > sunset4 mailing list
>> > [email protected]
>> > https://www.ietf.org/mailman/listinfo/sunset4
>--
>Mark Andrews, ISC
>1 Seymour St., Dundas Valley, NSW 2117, Australia
>PHONE: +61 2 9871 4742 INTERNET: [email protected]
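
An added example, not part of any message in this thread or of the draft: a Python check for the points raised above, that "localhost" and "localhost." are the same name, that the lookup is made absolute so a search list cannot apply, and that every answer is a loopback address. The stub resolver, the zone data and the `corp.example` search suffix are constructed for illustration.

```python
import ipaddress

def is_localhost_name(name):
    """'localhost' and 'localhost.' are the same name (case-insensitive)."""
    bare = name[:-1] if name.endswith(".") else name
    return bare.lower() == "localhost"

def absolute(name):
    """Add the trailing dot so a stub resolver does not apply its search list."""
    return name if name.endswith(".") else name + "."

def check_localhost(name, resolve):
    """Return (ok, reason); `resolve` maps a query name to address strings."""
    if not is_localhost_name(name):
        return False, "not a localhost name"
    answers = resolve(absolute(name))
    if not answers:
        return False, "no addresses returned"
    bad = [a for a in answers if not ipaddress.ip_address(a).is_loopback]
    if bad:
        return False, "non-loopback answer: " + ", ".join(bad)
    return True, "loopback only"

def make_stub(zone, search_suffix):
    """Constructed stub resolver: relative names get the search suffix first."""
    def resolve(qname):
        q = qname.lower()
        if q.endswith("."):
            return zone.get(q, [])
        return zone.get(f"{q}.{search_suffix}.") or zone.get(q + ".", [])
    return resolve

# Constructed zone data: a search-list domain that also has a "localhost" entry.
ZONE = {
    "localhost.": ["127.0.0.1", "::1"],
    "localhost.corp.example.": ["192.0.2.10"],
}

if __name__ == "__main__":
    stub = make_stub(ZONE, "corp.example")
    print("relative lookup:", stub("localhost"))
    print("absolute check: ", check_localhost("localhost", stub))
    misbehaving = make_stub({"localhost.": ["192.0.2.10"]}, "corp.example")
    print("misbehaving:    ", check_localhost("localhost", misbehaving))
```

With the real system resolver, `resolve` could wrap `socket.getaddrinfo` and return the address field of each result.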
