We agree that home burglary is a serious problem. This is why we
recommend that everyone hire an armed guard for their house. If your
house is monitored by armed guards, burglary is very unlikely. Given that
there is an effective security mechanism available, there's really no need
to consider simple deterrants that won't provide true security.
Not sure what this has to do with a link-scope resolution protocol
supporting name partitioning and DNSSEC. LLMNR provides a simple
deterrant in the case where security is available -- restricting the names
for which queries are sent. This is *exactly* the same mechanism used by
mDNS.
by it that are too useful to completely dismiss in general. That being
said, most systems attempt to avoid using those features when feasible and
attempt to make all sources of information match exactly
The NetBIOS and DNS names spaces have coexisted for more than two decades
without requiring exact matches, because they do not overlap. Similarly,
"exact matches" can be ensured via security schemes such as DNSSEC while
permitting overlapping name spaces. So "exact matches" are neither
sufficient nor necessary.
*Both* the mDNS and LLMNR specifications agree on this point. The only
difference
is that mDNS uses ".local" for partioning, while it is suggested (but not
required)
that LLMNR implementations use single-label names.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf