Re: Summary of the LLMNR Last Call

Bernard Aboba <aboba@internaut.com> Tue, 20 September 2005 17:56 UTC

Date: Tue, 20 Sep 2005 10:55:56 -0700 (PDT)
From: Bernard Aboba <aboba@internaut.com>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
In-Reply-To: <20050920161934.B589F3BFCC6@berkshire.machshav.com>
Message-ID: <Pine.LNX.4.61.0509201051100.16781@internaut.com>
References: <20050920161934.B589F3BFCC6@berkshire.machshav.com>
Cc: Margaret Wasserman <margaret@thingmagic.com>, ietf@ietf.org
Subject: Re: Summary of the LLMNR Last Call

> DNSsec is very important for other reasons, such as the current 
> pharming attacks.  The risks have been known in the security community 
> since at least 1991, and publicly since at least 1995.  The long-
> predicted attacks are now happening.  We really need to get DNSsec
> deployed, independent of mDNS or LLMNR.  Given that there is now some 
> forward progress on DNSsec, it's not at all unreasonable for either or 
> both of those specs to rely on it to solve some of their particular 
> security risks.

Couldn't agree more.  But if I'm not mistaken, the current DNSSEC 
specifications do not mandate that DNS stub resolvers be DNSSEC-aware 
validating, which is what would be required for use in a peer-to-peer name 
resolution protocol.  There is also the DNSEXT WG edict that mDNS/LLMNR 
not share a cache with DNS, which makes it difficult for mDNS/LLMNR to 
utilize trust anchors or acquired keys present in the DNS cache. 
