Summary of the LLMNR Last Call

Margaret Wasserman <margaret@thingmagic.com> Sun, 18 September 2005 14:10 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EGzsS-0004uS-6q; Sun, 18 Sep 2005 10:10:44 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EGzsP-0004uA-FB; Sun, 18 Sep 2005 10:10:42 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA25360; Sun, 18 Sep 2005 10:10:39 -0400 (EDT)
Received: from [204.9.221.21] (helo=thingmagic.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EGzxm-0007QD-MS; Sun, 18 Sep 2005 10:16:18 -0400
Received: from [66.30.121.250] (account margaret HELO [192.168.2.2]) by thingmagic.com (CommuniGate Pro SMTP 4.1.8) with ESMTP-TLS id 522945; Sun, 18 Sep 2005 10:11:55 -0400
Mime-Version: 1.0
Message-Id: <p0620071dbf52f99dab4c@[192.168.2.2]>
Date: Sun, 18 Sep 2005 10:09:07 -0400
To: ietf@ietf.org
From: Margaret Wasserman <margaret@thingmagic.com>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Spam-Score: 1.9 (+)
X-Scan-Signature: 1676547e4f33b5e63227e9c02bd359e3
Cc: namedropers@ops.ietf.org, iesg@ietf.org
Subject: Summary of the LLMNR Last Call
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

Hi All,

As I am sure many of you have noticed, there was extensive discussion 
during the IETF Last Call for "Link Local Multicast Name Resolution 
(LLMNR)" specification that is currently available as 
draft-ietf-dnsext-mdns-43.txt.  Thanks to all who participated!  The 
discussion appears to have quieted down at this point, so I will 
attempt to summarize the discussion and see if we can reach some 
conclusions.

First, I'll give a brief summary of the responses received:

By my count 38 separate individuals responded to the Last Call.  Some 
of these people responded on the IETF list, some on the IESG list, 
and some privately to me.  People who responded privately to others 
were not counted  :-).

Of the 38 respondents, only 18 of them stated an explicit opinion on 
the publication of LLMNR as a Proposed Standard RFC.  Others provided 
useful facts to inform the discussion and/or discussed other topics, 
such as the structure of the DNS root.  I was quite conservative 
about how I determined people's opinions, and I tried not to infer 
peoples' opinions from factual statements about only one of the 
protocols, etc.

Of the 18 people who expressed an explicit opinion, 14 people argued 
against the publication of LLMNR as a Proposed Standard.  I realize 
that we don't vote on specifications in the IETF.  I also realize 
that the IETF LC is worded to encourage the statements of objection 
and not to encourage statements of support.  However, the fact that 
14 separate individuals felt strongly enough that this document 
should not be published to say so explicitly in response to an IETF 
LC must be taken quite seriously.

In addition to a few minor nits or comments, all of which have been 
captured in the issue tracker, there seem to be three major concerns 
with the publication of this protocol:

(1) Concerns that publication of this protocol will be confusing or 
actively harmful given the existing wide deployment of Apple's mDNS 
protocol.

Concerns here seem to hinge on whether end-users will use .local 
extensions because they _think_ that they have mDNS available when 
they actually do not, which, when combined with LLMNR's default 
behavior of querying the DNS first, will result in a larger number of 
.local lookups in the global DNS.  There are several possible ways to 
alleviate this issue, including suppression of global queries for 
.local domains as part of an LLMNR implementation, or suppressing 
recursive lookups for names in the .local domain on the local DNS 
server, but none of these solutions is currently specified in the 
LLMNR specification or elsewhere.

(2) Security concerns have been raised about the fact that 
applications on hosts that implement LLMNR will not be able to tell 
if a response has come from the DNS or from a local lookup.

This opens applications to attack from nodes that can block global 
DNS access and substitute local resolution.  Some ways to eliminate 
or alleviate this issue might include:  using different domains (such 
as .local) to distinguish global and local lookups, explicitly using 
different global and local lookup mechanisms at the application 
level, only falling back to local resolution when a "no such name" 
response is received from the global DNS, placing further limits on 
what answers are acceptable from local lookups (only for certain 
domains configured as local, only within certain IP subnets...).

This security concern does not seem to be adequately explored and 
addressed in the LLMNR specification.  At the very minimum, it should 
be carefully explored in the security considerations section so that 
implementers and users can be aware of these concerns.

(3) Separate, but perhaps underlying both of the previous issues, 
there seems be a fundamental disagreement about what technical 
approach we should take to link-local name lookup.  LLMNR takes the 
approach that local lookups should use the same names as global 
lookups and that upper layers should not care whether a name was 
resolved in the global DNS or locally, essentially making the local 
lookup mechanism an extension of the DNS.  mDNS takes the approach 
that local lookups should be distinguishable from global lookups and 
accomplishes this through the use of a special local domain (.local).

This is an issue that has been discussed extensively in the DNSEXT WG 
at various times, and consensus was found to proceed with the LLMNR 
approach.  However, it is not clear whether that consensus is held by 
the wider IETF community, as there are at least 14 people in the IETF 
who have explicitly disagreed with that decision during IETF LC.

So, based on the IETF LC discussion of this document, I have come to 
two conclusions:

CONCLUSION 1:  There are at least two blocking technical issues with 
the LLMNR specification (raised in items #1 and #2 above) that would 
need to be resolved before this document is technically ready for 
publication as an Proposed Standard RFC.  We should resolve these 
issues and determine that the IETF community is satisfied with their 
resolution before sending the document to IESG review.

CONCLUSION 2: The IETF community does not currently have consensus to 
standardize a local name resolution mechanism that takes the approach 
described in LLMNR.  Further work would be needed to establish the 
IETF consensus required to publish this document as a Proposed 
Standard.

Based on these conclusions, I do not intend to forward the LLMNR 
specification to the IESG for review and approval.  I am planning to 
send the document back to the WG for resolution of these issues and 
would issue another IETF LC if/when the WG believes that they have a 
document that will address these issues and reach IETF consensus.

We have a number of choices about how to proceed in this situation, 
but before we talk about next steps, I would like to hear any 
feedback that people might have regarding my summary of the 
discussion so far and the conclusions that I have reached from it.

Margaret




_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf