Re: [secure-contexts] `*.localhost` + DNS from Adrian Hope-Bailie on 2016-05-04 (public-webappsec@w3.org from May 2016)

From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Wed, 4 May 2016 21:57:36 +0200
To: Jeffrey Yasskin <jyasskin@google.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CA+eFz_K84VTx38rconH75WBggH6=hrVGp5iPD0dsnqYqZDKR2Q@mail.gmail.com>

> I don't think we need to call people "stupid" for not realizing that
localhost and 127.0.0.1 can be different.

You misunderstood my comment. I am referring to the fact that almost all
security design decisions have to make compromises to accommodate users
doing stupid stuff, not specifically calling out users that don't
understand DNS as stupid.

I'd say 90% of the debate in this group is about where to draw the line
between perfect security and users that for example don't read warnings, or
blindly click through dialogues etc.

If we trusted all users to not be stupid security would be easy :)

On 4 May 2016 at 18:54, Jeffrey Yasskin <jyasskin@google.com> wrote:

> On Wed, May 4, 2016 at 8:59 AM, Adrian Hope-Bailie
> <adrian@hopebailie.com> wrote:
> >> This violates expectations for users:
> >
> > What users and on what basis?
> >
> > If the "users" are developers then are you suggesting they don't
> understand
> > that there is a difference between localhost and 127.0.0.1?
> >
> > We always need to balance good security approaches with pandering to the
> > stupidity of users and I think that line can be drawn in a different
> place
> > when the users are explicitly Web developers.
>
> I don't think we need to call people "stupid" for not realizing that
> localhost and 127.0.0.1 can be different. We also don't need to
> satisfy every expectation when there are good reasons not to.
>
> Jeffrey
>

Received on Thursday, 5 May 2016 03:08:28 UTC