Bernard Aboba <aboba(_at_)internaut(_dot_)com> writes:
We agree that home burglary is a serious problem. This is why we
recommend that everyone hire an armed guard for their house. If your
house is monitored by armed guards, burglary is very unlikely. Given
that there is an effective security mechanism available, there's really
no need to consider simple deterrants that won't provide true security.
Not sure what this has to do with a link-scope resolution protocol
supporting name partitioning and DNSSEC. LLMNR provides a simple
deterrant in the case where security is available -- restricting the
names for which queries are sent. This is *exactly* the same mechanism
used by mDNS.
It was a possibly too sarcastic way of pointing out that I don't think
DNSSEC is an answer to this concern.
The difference between LLMNR and mDNS is one that I think is important.
This is a place where a SHOULD is the least that needs to be said, and a
MAY is simply not strong enough, not only for security reasons, but partly
for that. If you said MAY *if* DNSSEC or TSIG is used, SHOULD otherwise,
I would be somewhat less concerned, but still dubious.
The NetBIOS and DNS names spaces have coexisted for more than two
decades without requiring exact matches, because they do not overlap.
If LLMNR required that the namespaces not overlap, I believe that would
address many (although not all) of the concerns that were raised here.
Similarly, "exact matches" can be ensured via security schemes such as
DNSSEC while permitting overlapping name spaces.
Is .com signed yet?
*Both* the mDNS and LLMNR specifications agree on this point. The only
difference is that mDNS uses ".local" for partioning, while it is
suggested (but not required) that LLMNR implementations use single-label
names.
That's a very important difference to me.
--
Russ Allbery (rra(_at_)stanford(_dot_)edu)
<http://www.eyrie.org/~eagle/>
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf