Re: Summary of the LLMNR Last Call

Ned Freed <ned.freed@mrochek.com> Tue, 20 September 2005 18:59 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EHnLB-0003F9-Ql; Tue, 20 Sep 2005 14:59:41 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EHnL9-0003F1-AL for ietf@megatron.ietf.org; Tue, 20 Sep 2005 14:59:39 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA22702 for <ietf@ietf.org>; Tue, 20 Sep 2005 14:59:37 -0400 (EDT)
Received: from mauve.mrochek.com ([209.55.107.55]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EHnQx-0006fB-DZ for ietf@ietf.org; Tue, 20 Sep 2005 15:05:40 -0400
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01LT94SCDGPC001V48@mauve.mrochek.com> (original mail from ned.freed@mrochek.com) for ietf@ietf.org; Tue, 20 Sep 2005 11:59:21 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=nowsp; d=mrochek.com; s=mauve; t=1127242760; h=Date: From:Subject:MIME-version:Content-type; b=pWaAzgn9N6+/9VJrA4bPD9p+W 6RDbFPEnSrhoCxCD5sjMJwBkG416bwxuymx3000cfdP5WRF13wHeTOWX+pM6w==
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01LT7VL4NM34000092@mauve.mrochek.com>; Tue, 20 Sep 2005 11:59:16 -0700 (PDT)
To: Russ Allbery <rra@stanford.edu>
Message-id: <01LT94SAUPFO000092@mauve.mrochek.com>
Date: Tue, 20 Sep 2005 11:53:06 -0700 (PDT)
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Mon, 19 Sep 2005 22:01:39 -0700" <87y85swcwc.fsf@windlord.stanford.edu>
MIME-version: 1.0
Content-type: TEXT/PLAIN
References: <Pine.LNX.4.61.0509191647510.23762@internaut.com> <p0620074fbf5509dd070a@[192.168.2.2]> <Pine.LNX.4.61.0509192043550.28535@internaut.com> <87y85swcwc.fsf@windlord.stanford.edu>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 769a46790fb42fbb0b0cc700c82f7081
Cc: Margaret Wasserman <margaret@thingmagic.com>, ietf@ietf.org, Bernard Aboba <aboba@internaut.com>
Subject: Re: Summary of the LLMNR Last Call
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

> Bernard Aboba <aboba@internaut.com> writes:

> > b. Confusion between security issues and namespace separation.  In
> > peer-to-peer name resolution protocols, it is possible for a responder
> > to demonstrate ownership of a name, via mechanisms such as DNSSEC.  It
> > is also possible for a responder to demonstrate membership in a trusted
> > group, such as via TSIG or IPsec.  If DNSSEC is available, spoofing
> > attacks are not possible, and querying for FQDNs does not expose the
> > sender to additional vulnerabilities.  Both the mDNS and LLMNR
> > specifications agree on this point.

> We agree that home burglary is a serious problem.  This is why we
> recommend that everyone hire an armed guard for their house.  If your
> house is monitored by armed guards, burglary is very unlikely.  Given that
> there is an effective security mechanism available, there's really no need
> to consider simple deterrants that won't provide true security.

We do have a strong tendency to let the best be the enemy pf the good, don't
we?

> > c. Lack of consideration of existing practice.  Internet hosts have used
> > multiple name resolution mechanisms based on a single API for more than
> > two decades, with no ill effects.

> "No ill effects" is a horribly inaccurate description of the effects of
> that design.  A much more accurate description would be that Internet
> hosts have used multiple name resolution mechanisms through a single API
> out of necessity for more than two decades, have suffered frequent ill
> effects up to and including major outages because of it, but have
> struggled along with that design because there are some features provided
> by it that are too useful to completely dismiss in general.  That being
> said, most systems attempt to avoid using those features when feasible and
> attempt to make all sources of information match exactly to avoid the
> serious and often hard-to-diagnose problems of conflicting information.

> If you think that using /etc/hosts, NIS, and DNS at the same time on
> systems to provide name resolution is a *success* story, your perceptions
> of the practical problems of name resolution in Internet hosts is
> drastically different than mine.  You've also had to maintain far less
> code to try to work around bizarre inconsistencies in gethostbyname
> responses than I have.

I could not agree more. This particular hairball has been a consisent source of
support problems around two decades now. In fact it may have set some sort of
record: I cannot think of anything else we were using 20 years ago is still
causing exactly the same sorts of problems it caused back then.

				Ned

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf