Re: Summary of the LLMNR Last Call
Bernard Aboba <aboba@internaut.com> Tue, 20 September 2005 13:05 UTC
Date: Tue, 20 Sep 2005 06:05:38 -0700
From: Bernard Aboba <aboba@internaut.com>
To: Margaret Wasserman <margaret@thingmagic.com>
Cc: ietf@ietf.org

> You might note that in the technical discussion, I argued _against_ the idea
> that this is a problem with LLMNR. Personally, I consider the fact that mDNS
> attaches special semantics to .local to be a problem with mDNS.

If the DNSEXT WG wants to document recommended resolver behavior with
respect to the .local domain, it can do so. However, your message
essentially *orders* the WG to do so, as a precondition for publishing
any documents on the topic. That is inappropriate.

> Absent any mandatory-to-implement security, we sometimes accept an
> applicability statement that explains the environments in which it is safe to
> use a protocol without any protocol-specific security mechanism, but I didn't
> find that in the LLMNR document either. Is it there?

Yes, it is. From Section 5.2:

   Limiting the situations in which LLMNR queries are sent, as
   described in Section 2, is the best protection against these
   attacks.

From Section 2:

   While these conditions are necessary for sending an LLMNR query,
   they are not sufficient. While an LLMNR sender MAY send a query
   for any name, it also MAY impose additional conditions on sending
   LLMNR queries. For example, a sender configured with a DNS server
   MAY send LLMNR queries only for unqualified names and for fully
   qualified domain names within configured zones.

Is this issue only about whether the MAYs are to be upgraded to a SHOULD
or MUST?
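
The example policy from the Section 2 text quoted in the message above, written as a sender-side check. This is an added example, not part of the original message or of any LLMNR implementation. The function names, the zone `corp.example` and the sample names are constructed, and only the quoted additional restriction is modelled, not the other Section 2 conditions, which the message does not quote.

```python
from typing import Sequence


def normalize(name: str) -> str:
    """Lower-case a DNS name and drop a single trailing root dot."""
    name = name.strip().lower()
    return name[:-1] if name.endswith(".") else name


def is_unqualified(name: str) -> bool:
    """True for a single-label name with no dot at all, e.g. 'printer'.

    'printer.' (trailing dot) is a fully qualified name, so it does not count.
    """
    raw = name.strip()
    return bool(raw) and "." not in raw


def in_configured_zone(name: str, zones: Sequence[str]) -> bool:
    """True if name is a configured zone or lies below one.

    Matching is done on label boundaries, so 'evilcorp.example' is not
    treated as being inside the zone 'corp.example'.
    """
    n = normalize(name)
    for zone in zones:
        z = normalize(zone)
        if z and (n == z or n.endswith("." + z)):
            return True
    return False


def llmnr_allowed(name: str, dns_configured: bool, zones: Sequence[str]) -> bool:
    """Apply the restrictive policy the quoted Section 2 text gives as an example.

    Assumption of this sketch: a sender with no DNS server is not restricted
    by this rule, because the quoted sentence only covers senders that are
    configured with one.
    """
    if not normalize(name):
        return False  # empty name: nothing to query
    if not dns_configured:
        return True
    return is_unqualified(name) or in_configured_zone(name, zones)


# Constructed sample configuration, for illustration only.
ZONES = ["corp.example"]
```

Under this policy a name outside the configured zones never leaves the host as a link-local query, which is the exposure reduction the quoted Section 5.2 sentence refers to.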