Re: Summary of the LLMNR Last Call
"Steven M. Bellovin" <smb@cs.columbia.edu> Tue, 20 September 2005 17:16 UTC
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Russ Allbery <rra@stanford.edu>
In-Reply-To: Your message of "Mon, 19 Sep 2005 22:01:39 PDT." <87y85swcwc.fsf@windlord.stanford.edu>
Date: Tue, 20 Sep 2005 12:19:34 -0400
Message-Id: <20050920161934.B589F3BFCC6@berkshire.machshav.com>
Cc: Margaret Wasserman <margaret@thingmagic.com>, ietf@ietf.org, Bernard Aboba <aboba@internaut.com>
Subject: Re: Summary of the LLMNR Last Call
In message <87y85swcwc.fsf@windlord.stanford.edu>, Russ Allbery writes:
>Bernard Aboba <aboba@internaut.com> writes:
>
>> b. Confusion between security issues and namespace separation. In
>> peer-to-peer name resolution protocols, it is possible for a responder
>> to demonstrate ownership of a name, via mechanisms such as DNSSEC. It
>> is also possible for a responder to demonstrate membership in a trusted
>> group, such as via TSIG or IPsec. If DNSSEC is available, spoofing
>> attacks are not possible, and querying for FQDNs does not expose the
>> sender to additional vulnerabilities. Both the mDNS and LLMNR
>> specifications agree on this point.
>
>We agree that home burglary is a serious problem. This is why we
>recommend that everyone hire an armed guard for their house. If your
>house is monitored by armed guards, burglary is very unlikely. Given that
>there is an effective security mechanism available, there's really no need
>to consider simple deterrents that won't provide true security.
>

DNSsec is very important for other reasons, such as the current
pharming attacks. The risks have been known in the security community
since at least 1991, and publicly since at least 1995. The
long-predicted attacks are now happening. We really need to get DNSsec
deployed, independent of mDNS or LLMNR. Given that there is now some
forward progress on DNSsec, it's not at all unreasonable for either or
both of those specs to rely on it to solve some of their particular
security risks.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb