In message <87y85swcwc(_dot_)fsf(_at_)windlord(_dot_)stanford(_dot_)edu>, Russ
Allbery writes:
Bernard Aboba <aboba(_at_)internaut(_dot_)com> writes:
b. Confusion between security issues and namespace separation. In
peer-to-peer name resolution protocols, it is possible for a responder
to demonstrate ownership of a name, via mechanisms such as DNSSEC. It
is also possible for a responder to demonstrate membership in a trusted
group, such as via TSIG or IPsec. If DNSSEC is available, spoofing
attacks are not possible, and querying for FQDNs does not expose the
sender to additional vulnerabilities. Both the mDNS and LLMNR
specifications agree on this point.
We agree that home burglary is a serious problem. This is why we
recommend that everyone hire an armed guard for their house. If your
house is monitored by armed guards, burglary is very unlikely. Given that
there is an effective security mechanism available, there's really no need
to consider simple deterrants that won't provide true security.
DNSsec is very important for other reasons, such as the current
pharming attacks. The risks have been known in the security community
since at least 1991, and publicly since at least 1995. The long-
predicted attacks are now happening. We really need to get DNSsec
deployed, independent of mDNS or LLMNR. Given that there is now some
forward progress on DNSsec, it's not at all unreasonable for either or
both of those specs to rely on it to solve some of their particular
security risks.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf