Re: Summary of the LLMNR Last Call
Russ Allbery <rra@stanford.edu> Tue, 20 September 2005 06:32 UTC
From: Russ Allbery <rra@stanford.edu>
To: Bernard Aboba <aboba@internaut.com>
In-Reply-To: <Pine.LNX.4.61.0509192258560.31975@internaut.com> (Bernard Aboba's message of "Mon, 19 Sep 2005 23:20:15 -0700 (PDT)")
Organization: The Eyrie
References: <Pine.LNX.4.61.0509191647510.23762@internaut.com> <p0620074fbf5509dd070a@[192.168.2.2]> <Pine.LNX.4.61.0509192043550.28535@internaut.com> <87y85swcwc.fsf@windlord.stanford.edu> <Pine.LNX.4.61.0509192258560.31975@internaut.com>
Date: Mon, 19 Sep 2005 23:32:36 -0700
Message-ID: <87oe6ow8or.fsf@windlord.stanford.edu>
Cc: Margaret Wasserman <margaret@thingmagic.com>, ietf@ietf.org
Subject: Re: Summary of the LLMNR Last Call

Bernard Aboba <aboba@internaut.com> writes:

>> We agree that home burglary is a serious problem. This is why we
>> recommend that everyone hire an armed guard for their house. If your
>> house is monitored by armed guards, burglary is very unlikely. Given
>> that there is an effective security mechanism available, there's really
>> no need to consider simple deterrents that won't provide true security.

> Not sure what this has to do with a link-scope resolution protocol
> supporting name partitioning and DNSSEC. LLMNR provides a simple
> deterrent in the case where security is available -- restricting the
> names for which queries are sent. This is *exactly* the same mechanism
> used by mDNS.

It was a possibly too sarcastic way of pointing out that I don't think
DNSSEC is an answer to this concern.

The difference between LLMNR and mDNS is one that I think is important.
This is a place where a SHOULD is the least that needs to be said, and a
MAY is simply not strong enough, not only for security reasons, but partly
for that. If you said MAY *if* DNSSEC or TSIG is used, SHOULD otherwise,
I would be somewhat less concerned, but still dubious.

> The NetBIOS and DNS name spaces have coexisted for more than two
> decades without requiring exact matches, because they do not overlap.

If LLMNR required that the namespaces not overlap, I believe that would
address many (although not all) of the concerns that were raised here.

> Similarly, "exact matches" can be ensured via security schemes such as
> DNSSEC while permitting overlapping name spaces.

Is .com signed yet?

> *Both* the mDNS and LLMNR specifications agree on this point. The only
> difference is that mDNS uses ".local" for partitioning, while it is
> suggested (but not required) that LLMNR implementations use single-label
> names.

That's a very important difference to me.

-- 
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>