Name ownership and LLMNR (Re: Last Call: 'Linklocal Multicast Name Resolution...)

Harald Tveit Alvestrand <harald@alvestrand.no> Thu, 01 September 2005 09:45 UTC

Date: Thu, 01 Sep 2005 11:43:59 +0200
From: Harald Tveit Alvestrand <harald@alvestrand.no>
To: Keith Moore <moore@cs.utk.edu>, Dave Singer <singer@apple.com>
Cc: ietf@ietf.org

We're probably rehashing the DNSEXT discussion here, but I wasn't part of 
the DNSEXT discussion...

LLMNR allows me to treat names in a different way than mDNS does.
If I have a name that I'm certain I own (this box is, with high certainty, 
the only one in the world named HALVESTR-W2K02.emea.cisco.com), LLMNR 
allows me to assert that name on a LAN even when the DNS is not available, 
or when that name is not currently asserted in the DNS.

mDNS, as I understand it, doesn't allow me to do that - I would have to 
assert "HALVESTR-W2K02.local", or "HALVESTR-W2K02.emea.cisco.com.local".

If we separate the concept of "name ownership" from "name assertion 
mechanism", and regard the DNS as just one mechanism of name assertion, 
then the problem reduces to "how do I prove that I have rights to the 
name", rather than "what name should I assert".

I think the LLMNR spec, which only talks about mechanism, is missing a 
reference to some other document (which may not exist, being too 
controversial to get written) laying out a theory of name ownership, in 
which both DNS and LLMNR fit as assertion mechanisms.

Not that I can say, based on this, that one of (LLMNR, mDNS) is better than 
the other. But it certainly emphasizes the fact that they're attacking the 
problem from completely different perspectives.

                           Harald

--On 31. august 2005 23:34 -0400 Keith Moore <moore@cs.utk.edu> wrote:

> Dave Singer wrote:
>> The whole idea that 'real DNS' can arbitrarily pre-empt local name
>> resolution seems, well, wrong, and needs serious study for security
>> implications for the services using those names, no?
>
> The whole idea that local names should look like DNS names and be queried
> through the same APIs and user interfaces seems, well, wrong (or dubious
> at best), and needs serious study for the implications of applications
> using those APIs and the impact of such names on DNS, no?
>
> IMO, local names and a lookup service for local names would be extremely
> useful, but neither the names nor the query interface should look much
> like DNS - the names should look different because otherwise there's too
> much potential for confusion with DNS names, and the query service should
> look different because local name lookup service probably can't make the
> same kinds of consistency or stability assurances that DNS does.
>
>
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www1.ietf.org/mailman/listinfo/ietf
>
>


