Re: [mdnsext] Discussion of BoF during Berlin IETF

Kerry Lynn <kerlyn@ieee.org> Tue, 11 June 2013 02:38 UTC

On Mon, Jun 10, 2013 at 8:11 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:

>
> >>>>> "David" == David Farmer <farmer@umn.edu> writes:
>     >> But, that doesn't prevent or clearly signal, that mDNS may be
>     >> *unwelcome* on a particular network.   Enterprise folks might want
>     >> to do that. I'm not claiming that they will, or should, succeed,
>     >> btw.  I'm pointing out that we don't know what they want, because
>     >> they don't tend to participate.
>
>     David> While I wouldn't recommend general use of such a mode of
>     David> operation I do see some special situations where I think it
>     David> could be necessary, even on my own network, especially in
>     David> networks or subnets with high security requirements.
>
> Exactly (we are in violent agreement).
> Or where having nodes "find" each other automatically is undesirable.
>

The train has left the station.  There are probably millions of deployed
devices that already exhibit DNS-SD/mDNS behavior.  How is Enterprise IT to
thwart this existing behavior (e.g. probe and announce) except by
black-holing mDNS traffic *at L2*?  I guess you could hobble the OS somehow,
but you're not going to selectively disable firmware in a printer.


> Do you feel you can represent the Enterprise administrator?
> Do we need to reach out some other place?
>

I'd put disabling existing functionality pretty far down the list of
priorities, since the main problem seems to be how to make it work over a
wider area, in more cases.  I think the list of use cases previously
mentioned run the spectrum from no management/no external servers to
(potentially) fully managed DNS.  There is also a spectrum of security
concerns, and I will crank up a new thread on that topic tomorrow unless
someone beats me to it.

-K-

> There may also be situations where multicast is harmful (heavily
> congested wifi, LLNs which do not implement whatever LLN friendly mDNS
> we make).
>
> Blackholing multicast traffic may result in timeouts.
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        | network architect  [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [