Re: Summary of the LLMNR Last Call

Bernard Aboba <aboba@internaut.com> Tue, 20 September 2005 04:31 UTC

Date: Mon, 19 Sep 2005 21:31:05 -0700 (PDT)
From: Bernard Aboba <aboba@internaut.com>
To: Margaret Wasserman <margaret@thingmagic.com>
In-Reply-To: <p0620074fbf5509dd070a@[192.168.2.2]>
Message-ID: <Pine.LNX.4.61.0509192043550.28535@internaut.com>
References: <Pine.LNX.4.61.0509191647510.23762@internaut.com> <p0620074fbf5509dd070a@[192.168.2.2]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: ietf@ietf.org
Subject: Re: Summary of the LLMNR Last Call

> I would be very interested in understanding what technical errors I made and I
> would appreciate if you would share the details with me, perhaps off-line.

The message sent to the IETF list contains several major technical errors, 
including:

a. Confusing DNS resolver behavior with the behavior of LLMNR 
implementations.  The sending of .local queries to the global DNS, while 
potentially a serious problem, results from the behavior of existing DNS 
resolver implementations.  This problem exists today on the vast 
majority of Internet hosts, which do not implement either mDNS or 
LLMNR.  Given this, putting language into the LLMNR specification 
to "fix" an orthogonal issue makes no sense. 

Even fixing the issue in another IETF specification could prove sticky, 
because it can be argued that the IANA has authority over the allocation of 
new TLDs such as ".local", not the IETF, which is why the DNSEXT WG 
recommended early on that the ".local.arpa" domain be used instead of 
".local". 

b. Confusion between security issues and namespace separation.  In 
peer-to-peer name resolution protocols, it is possible for a responder to 
demonstrate ownership of a name, via mechanisms such as DNSSEC.  It is 
also possible for a responder to demonstrate membership in a trusted 
group, such as via TSIG or IPsec.  If DNSSEC is available, spoofing 
attacks are not possible, and querying for FQDNs does not expose the 
sender to additional vulnerabilities.  Both the mDNS and LLMNR 
specifications agree on this point.

c. Lack of consideration of existing practice.  Internet hosts have used 
multiple name resolution mechanisms based on a single API for more than 
two decades, with no ill effects.  For example, *NIX systems have utilized 
/etc/host files, NIS and DNS;  Windows systems utilize LMHOSTS, DNS and 
NetBIOS.  The issue of integration of multiple name services is dealt 
with in multiple RFCs, including RFC 1001, which defines NetBIOS and 
describes how it coexists with DNS, and RFC 2937, which describes the Name 
Service Search Option for DHCP.  In practice, hundreds of millions of 
Internet hosts use these mechanisms every day.  If you type "http://foo/" 
in the browser of a Windows host, a DNS query for "foo" is not sent over 
the wire; only a NetBIOS query is sent.  This is not rocket science. 

> Please remember, though, that most of my note was not meant to express my own
> technical opinion, it was an attempt to summarize the issues that were raised
> by others in this discussion.

The job of an IESG member is not to repeat misstatements, it is to use their 
judgement.  In this and other instances, the IESG appears to have lost sight 
of its mission.  The best interest of the Internet community lies not in 
blocking the publication of documents that fall outside today's orthodoxy, 
but rather in providing information to the Internet community.  In this case, 
that interest would be best served by publishing *all* documents 
relating to mDNS and LLMNR, especially the ones that the DNSEXT WG has found 
most objectionable (such as DNS-SD, and Bill Manning's DISCOVER OPCODE draft). 

I must admit that at one point, I did not see value in funding the RFC 
Editor to publish documents outside of the IETF process, via the RFC 
Editor Individual Submission route, described in RFC 3932.  However, now 
it has become abundantly evident that this represents an important 
safety mechanism that needs to be preserved going forward.  

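As an added illustration, not part of the message above or of any draft it discusses: a small Python model of the host-side name-resolution dispatch that points (a) and (c) describe (hosts file first, link-local resolution for single-label names, DNS for multi-label names), showing that ".local" queries reach the global DNS from the stub resolver itself, whether or not LLMNR is present. The `scope_local_tld` switch is an assumed resolver-side mitigation, and the sample names are constructed.

```python
"""Model of host name-resolution dispatch (constructed example).

It follows the ordering described in the message: hosts file, then
link-local resolution (NetBIOS/LLMNR) for single-label names, then DNS
for multi-label names.  The scope_local_tld flag is a hypothetical
resolver-side mitigation, not part of any specification on the page.
"""
from dataclasses import dataclass, field

HOSTS = {"fileserver": "192.0.2.10"}   # constructed /etc/hosts-style entries


@dataclass
class StubResolver:
    scope_local_tld: bool = False        # hypothetical resolver-side mitigation
    log: list = field(default_factory=list)

    def resolve(self, name: str) -> str:
        """Return the service a lookup for `name` is dispatched to, and log it."""
        name = name.rstrip(".").lower()
        if name in HOSTS:
            target = "hosts"
        elif "." not in name:
            # Single-label name: link-local resolution only; no DNS packet on the wire.
            target = "link-local"
        elif name.endswith(".local") and self.scope_local_tld:
            # Resolver treats .local as locally scoped, so the query never leaves the link.
            target = "link-local"
        else:
            # Any other multi-label name, ".local" included, goes to the global DNS.
            target = "global-dns"
        self.log.append((name, target))
        return target


def leaked_local_queries(log):
    """Names under .local that the resolver sent to the global DNS."""
    return [n for n, t in log if n.endswith(".local") and t == "global-dns"]


if __name__ == "__main__":
    plain, scoped = StubResolver(), StubResolver(scope_local_tld=True)
    for name in ("foo", "fileserver", "printer.local", "www.example.com"):
        plain.resolve(name)
        scoped.resolve(name)
    print("plain resolver leaks:", leaked_local_queries(plain.log))
    print("scoped resolver leaks:", leaked_local_queries(scoped.log))
```

The same `leaked_local_queries` check run over a real resolver's query log is a simple way to measure how much ".local" traffic a host sends to external DNS servers today.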
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf