Re: Summary of the LLMNR Last Call

Bernard Aboba <> Tue, 20 September 2005 06:20 UTC

Received: from localhost.localdomain ([] by with esmtp (Exim 4.32) id 1EHbUN-0008AD-KO; Tue, 20 Sep 2005 02:20:23 -0400
Received: from ([] by with esmtp (Exim 4.32) id 1EHbUK-00089o-LJ for; Tue, 20 Sep 2005 02:20:20 -0400
Received: from (ietf-mx []) by (8.9.1a/8.9.1a) with ESMTP id CAA09180 for <>; Tue, 20 Sep 2005 02:20:16 -0400 (EDT)
Received: from ([] ident=mailnull) by with esmtp (Exim 4.43) id 1EHba2-00028m-Ej for; Tue, 20 Sep 2005 02:26:15 -0400
Received: from ([] by with esmtpa (Exim 4.51) id 1EHbUF-000L2v-1Z; Tue, 20 Sep 2005 02:20:15 -0400
Received: by (Postfix, from userid 1000) id 347A73501C; Mon, 19 Sep 2005 23:20:15 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2491035000; Mon, 19 Sep 2005 23:20:15 -0700 (PDT)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Report-Abuse-To: (see for abuse reporting information)
X-MHO-User: aboba
Date: Mon, 19 Sep 2005 23:20:15 -0700 (PDT)
From: Bernard Aboba <>
To: Russ Allbery <>
In-Reply-To: <>
Message-ID: <>
References: <> <p0620074fbf5509dd070a@[]> <> <>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 9182cfff02fae4f1b6e9349e01d62f32
Cc: Margaret Wasserman <>,
Subject: Re: Summary of the LLMNR Last Call
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>

> We agree that home burglary is a serious problem.  This is why we
> recommend that everyone hire an armed guard for their house.  If your
> house is monitored by armed guards, burglary is very unlikely.  Given that
> there is an effective security mechanism available, there's really no need
> to consider simple deterrants that won't provide true security.

Not sure what this has to do with a link-scope resolution protocol 
supporting  name partitioning and DNSSEC.  LLMNR provides a simple 
deterrant in the case where security is available -- restricting the names 
for which queries are sent.  This is *exactly* the same mechanism used by 

> by it that are too useful to completely dismiss in general.  That being
> said, most systems attempt to avoid using those features when feasible and
> attempt to make all sources of information match exactly 

The NetBIOS and DNS names spaces have coexisted for more than two decades 
without requiring exact matches, because they do not overlap.  Similarly, 
"exact matches" can be ensured via security schemes such as DNSSEC while 
permitting overlapping name spaces.  So "exact matches" are neither 
sufficient nor necessary. 

*Both* the mDNS and LLMNR specifications agree on this point. The only difference 
is that mDNS uses ".local" for partioning, while it is suggested (but not required) 
that LLMNR implementations use single-label names. 

Ietf mailing list