Re: tcpip-forward requests and bind addresses

[Darren Tucker <dtucker%zip.com.au@localhost>]

der Mouse wrote:
> >   The server SHOULD treat an 'address to bind' of "localhost" to be a
> >   special case meaning to listen on all supported protocol families on
> >   its loopback interfaces only.
[...]
> Here, the first SHOULD at least makes sense, though what it's really
> doing is to define yet another special-case semantic.

The reason I said "SHOULD" is that some APIs have a guaranteed way of 
getting a loopback-only bind and I thought that would be preferable if 
available.  There may, however be a good reason for an implementation to 
rely on the name service for this, hence "SHOULD".

If the consensus is it's uncecessary it could be dropped and left as an 
implementation detail.

> I don't think the SHOULD/MUST/MAY language is appropriate here.  I'd
> word this something like
>
>     Some strings have special-case semantics: "" as an address to bind

"is an address" ?

>     means that connections are to be accepted from anywhere on all
>     protocol families supported by the SSH implementation.  "0.0.0.0"
>     means to listen on all IPv4 addresses

>     [note: not "interfaces"; the
>     mapping between intefaces and addresses can be multi-valued in
>     either direction].

That's a good point.

>     "::" means to listen on all IPv6 addresses.
>     "localhost" means to listen on all supported protocol families on
>     loopback addresses only.

"listen on all protocol families supported by the SSH implementation .." ?

>     "127.0.0.1" and "::1", while not really
>     special cases for a normally configured system [RFC3330] [RFC3515],

Is RFC3515 a typo?

>     indicate listening on the loopback interfaces for IPv4 and IPv6
>     respectively.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.