Response to LLMNR Last Call Comments
Bernard Aboba <aboba@internaut.com> Thu, 22 September 2005 18:13 UTC
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EIVZ9-0007Ig-8Z for dnsext-archive@megatron.ietf.org; Thu, 22 Sep 2005 14:13:03 -0400
Received: from psg.com (mailnull@psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA14851 for <dnsext-archive@lists.ietf.org>; Thu, 22 Sep 2005 14:13:01 -0400 (EDT)
Received: from majordom by psg.com with local (Exim 4.50 (FreeBSD)) id 1EIVWL-000MAQ-Aa for namedroppers-data@psg.com; Thu, 22 Sep 2005 18:10:09 +0000
Received: from [63.208.196.171] (helo=outbound.mailhop.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.50 (FreeBSD)) id 1EIVWJ-000MAE-7z for namedroppers@ops.ietf.org; Thu, 22 Sep 2005 18:10:07 +0000
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.51) id 1EIVWH-000FTe-LF for namedroppers@ops.ietf.org; Thu, 22 Sep 2005 14:10:05 -0400
Received: by internaut.com (Postfix, from userid 1000) id C825F34FF3; Thu, 22 Sep 2005 11:10:05 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by internaut.com (Postfix) with ESMTP id BA61132887 for <namedroppers@ops.ietf.org>; Thu, 22 Sep 2005 11:10:05 -0700 (PDT)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.com (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
Date: Thu, 22 Sep 2005 11:10:05 -0700
From: Bernard Aboba <aboba@internaut.com>
To: namedroppers@ops.ietf.org
Subject: Response to LLMNR Last Call Comments
Message-ID: <Pine.LNX.4.61.0509221020010.21005@internaut.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on psg.com
X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.0.2
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
Edward Lewis said: "Security concerns I understand and would become a work item" Since security issues came up in the LLMNR Last Call discussions, it would be useful for DNSEXT WG to discuss that issue, although I'm not clear that a separate work item would be required. For example, it would be useful to understand what if any barriers exist to the use of TSIG, SIG(0) and DNSSEC in the mDNS and LLMNR specifications, and how they could be overcome. It would also be useful for the DNSEXT WG to discuss the other issues that were raised, such as defining the behavior of DNS resolvers with respect to the .local domain. Paul Vixie stated: >while i agree with this in general, i have three specific concerns. > >1. the right way to do multicast DNS is draft-manning-opcode-discover-01, So why not publish that document as well? > and while apple and microsoft both call their approaches "multicast > dns" they are really "overloading dns to carry service discovery in > multicast". LLMNR is not a service discovery protocol. It is usable solely for name resolution. While the discussion of mDNS in the two ZEROCONF BOFs centered on service discovery, discussion in the ZEROCONF WG did not converge and work on service discovery was not chartered in ZEROCONF or DNSEXT. Since people's memory of events that occurred more than 6 years ago may be a bit foggy, I've gone back through the proceedings, which document what happened in the ZEROCONF BOFs, as well as early discussions in the DNSEXT WG. That information is available here: http://www.drizzle.com/~aboba/DNSEXT/history.txt >2. any attempt to merge mdns and llmnr MUST be backward compatible with >mdns, since apple has created an important new economy of mdns >services/devices and ietf should only ignore this economy if mdns is the >provably wrong approach, rather than merely suboptimal in some way (that >i'm unaware of). mDNS is designed to serve as a service discovery substrate for DNS-SD. If the DNSEXT WG and IESG want to reverse their prior edicts against DNS-SD and use of DNS for service discovery, as well as the refusal to allow Bill's document to move forward, that is fine with me. However, that is really an orthogonal issue as far as LLMNR is concerned. At this point, LLMNR has also shipped in multiple implementations, and given the past history of IETF activity, I doubt there is anyone interested in working on a "merger" effort. The only reasonable thing to do is to address the LC comments, publish (as Experimental or Informational, probably) and move on. >3. if this is really about PnP, i sure wish that everybody would just say >so and re-frame the debate in PnP terms and stop treating it as a dns >issue that's somehow relevant to the skills of the core namedroppers >community. While mDNS relates to PnP service discovery, LLMNR does not. So no, the LLMNR discussion isn't about PnP or service discovery. It's largely about security issues, and resolver behavior. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- Response to LLMNR Last Call Comments Bernard Aboba
- Re: Response to LLMNR Last Call Comments Bernard Aboba
- Re: Response to LLMNR Last Call Comments Margaret Wasserman