>> As this proposal is in the name of consistency, is there an argument we >> should be strict and explicitly define *which* loopback address DNS servers >> must return when queried? > >I was intentionally vague on that point, as one of the scenarios raised in >https://github.com/w3c/webappsec-secure-contexts/issues/43 was a developer >who was pointing `project1.localhost` to 127.0.0.1, and >`project2.localhost` to 127.0.0.2 in /etc/hosts (and presumably had a >server configured accordingly). It seems like that's a reasonable thing to >support. Any loopback address is fine with me. I use multiple IPv4 127/8 addresses all the time. For example, I run a funky local stunt DNS server on 127.0.1.1 and configure my local DNS cache to use it for a branch of the name tree. So yes, any loopback address will do. (We can save the question about a link-local IPv6 address on a loopback interface for later.) R's, John