Re: Summary of the LLMNR Last Call

"Steven M. Bellovin" <smb@cs.columbia.edu> Tue, 20 September 2005 17:16 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EHljL-0005vU-LT; Tue, 20 Sep 2005 13:16:31 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EHljJ-0005tk-OT for ietf@megatron.ietf.org; Tue, 20 Sep 2005 13:16:29 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA15674 for <ietf@ietf.org>; Tue, 20 Sep 2005 13:16:26 -0400 (EDT)
Received: from machshav.com ([147.28.0.16]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EHlp9-0003L6-9o for ietf@ietf.org; Tue, 20 Sep 2005 13:22:33 -0400
Received: by machshav.com (Postfix, from userid 512) id 79E08FB28A; Tue, 20 Sep 2005 13:16:21 -0400 (EDT)
Received: from berkshire.machshav.com (localhost [127.0.0.1]) by machshav.com (Postfix) with ESMTP id 02EDCFB286; Tue, 20 Sep 2005 13:16:19 -0400 (EDT)
Received: from cs.columbia.edu (localhost [127.0.0.1]) by berkshire.machshav.com (Postfix) with ESMTP id B589F3BFCC6; Tue, 20 Sep 2005 12:19:34 -0400 (EDT)
X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Russ Allbery <rra@stanford.edu>
In-Reply-To: Your message of "Mon, 19 Sep 2005 22:01:39 PDT." <87y85swcwc.fsf@windlord.stanford.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 20 Sep 2005 12:19:34 -0400
Message-Id: <20050920161934.B589F3BFCC6@berkshire.machshav.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ea4ac80f790299f943f0a53be7e1a21a
Cc: Margaret Wasserman <margaret@thingmagic.com>, ietf@ietf.org, Bernard Aboba <aboba@internaut.com>
Subject: Re: Summary of the LLMNR Last Call
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

In message <87y85swcwc.fsf@windlord.stanford.edu>du>, Russ Allbery writes:
>Bernard Aboba <aboba@internaut.com> writes:
>
>> b. Confusion between security issues and namespace separation.  In
>> peer-to-peer name resolution protocols, it is possible for a responder
>> to demonstrate ownership of a name, via mechanisms such as DNSSEC.  It
>> is also possible for a responder to demonstrate membership in a trusted
>> group, such as via TSIG or IPsec.  If DNSSEC is available, spoofing
>> attacks are not possible, and querying for FQDNs does not expose the
>> sender to additional vulnerabilities.  Both the mDNS and LLMNR
>> specifications agree on this point.
>
>We agree that home burglary is a serious problem.  This is why we
>recommend that everyone hire an armed guard for their house.  If your
>house is monitored by armed guards, burglary is very unlikely.  Given that
>there is an effective security mechanism available, there's really no need
>to consider simple deterrants that won't provide true security.
>
DNSsec is very important for other reasons, such as the current 
pharming attacks.  The risks have been known in the security community 
since at least 1991, and publicly since at least 1995.  The long-
predicted attacks are now happening.  We really need to get DNSsec
deployed, independent of mDNS or LLMNR.  Given that there is now some 
forward progress on DNSsec, it's not at all unreasonable for either or 
both of those specs to rely on it to solve some of their particular 
security risks.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb



_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf