Re: Summary of the LLMNR Last Call
Ned Freed <ned.freed@mrochek.com> Tue, 20 September 2005 18:59 UTC
To: Russ Allbery <rra@stanford.edu>
Message-id: <01LT94SAUPFO000092@mauve.mrochek.com>
Date: Tue, 20 Sep 2005 11:53:06 -0700
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Mon, 19 Sep 2005 22:01:39 -0700" <87y85swcwc.fsf@windlord.stanford.edu>
References: <Pine.LNX.4.61.0509191647510.23762@internaut.com> <p0620074fbf5509dd070a@[192.168.2.2]> <Pine.LNX.4.61.0509192043550.28535@internaut.com> <87y85swcwc.fsf@windlord.stanford.edu>
Cc: Margaret Wasserman <margaret@thingmagic.com>, ietf@ietf.org, Bernard Aboba <aboba@internaut.com>
Subject: Re: Summary of the LLMNR Last Call

> Bernard Aboba <aboba@internaut.com> writes:

> > b. Confusion between security issues and namespace separation.  In
> > peer-to-peer name resolution protocols, it is possible for a responder
> > to demonstrate ownership of a name, via mechanisms such as DNSSEC.  It
> > is also possible for a responder to demonstrate membership in a trusted
> > group, such as via TSIG or IPsec.  If DNSSEC is available, spoofing
> > attacks are not possible, and querying for FQDNs does not expose the
> > sender to additional vulnerabilities.  Both the mDNS and LLMNR
> > specifications agree on this point.

> We agree that home burglary is a serious problem.  This is why we
> recommend that everyone hire an armed guard for their house.  If your
> house is monitored by armed guards, burglary is very unlikely.  Given that
> there is an effective security mechanism available, there's really no need
> to consider simple deterrents that won't provide true security.

We do have a strong tendency to let the best be the enemy of the good, don't
we?

> > c. Lack of consideration of existing practice.  Internet hosts have used
> > multiple name resolution mechanisms based on a single API for more than
> > two decades, with no ill effects.

> "No ill effects" is a horribly inaccurate description of the effects of
> that design.  A much more accurate description would be that Internet
> hosts have used multiple name resolution mechanisms through a single API
> out of necessity for more than two decades, have suffered frequent ill
> effects up to and including major outages because of it, but have
> struggled along with that design because there are some features provided
> by it that are too useful to completely dismiss in general.  That being
> said, most systems attempt to avoid using those features when feasible and
> attempt to make all sources of information match exactly to avoid the
> serious and often hard-to-diagnose problems of conflicting information.

> If you think that using /etc/hosts, NIS, and DNS at the same time on
> systems to provide name resolution is a *success* story, your perceptions
> of the practical problems of name resolution in Internet hosts are
> drastically different than mine.  You've also had to maintain far less
> code to try to work around bizarre inconsistencies in gethostbyname
> responses than I have.

I could not agree more. This particular hairball has been a consistent source
of support problems for around two decades now. In fact it may have set some
sort of record: I cannot think of anything else we were using 20 years ago
that is still causing exactly the same sorts of problems it caused back then.

Ned