Re: Name ownership and LLMNR (Re: Last Call: 'Linklocal Multicast Name Resolution...)

At 02:08 PM 9/1/2005, Harald Tveit Alvestrand wrote:


--On 1. september 2005 14:14 +0100 Tony Finch <dot@xxxxxxxx> wrote:

LLMNR allows me to treat names in a different way than mDNS does.
If I have a name that I'm certain I own (this box is, with high
certainty, the only one in the world named
HALVESTR-W2K02.emea.cisco.com), LLMNR allows me to assert that name on a
LAN even when the DNS is not available, or when that name is not
currently asserted in the DNS.

This kind of naming is not possible for ad-hoc networks without Internet
connectivity and without any domain name registration.

It's certainly *possible* (if each participant has some relationship to a domain name owner). The question is whether it's *desirable*.

I see naming as 3 parts:

- I pick a name
- I assert that the name belongs to me
- You choose to believe it (or not).

With DNS names, "I pick a name" involves seeing which names are free in a DNS zone I have a relationship to (which may be dyndns.org, for instance), and doing the admin steps to reserve it. "I assert" involves me putting it into a DNS zone, and loading that zone onto a DNS server, where you'll presumably pick it up.

These are the same issues I recall asking about when dynamic DNS was being discussed/proposed. Any machine can make a claim they're whomever they want to be, and that request to insert a mapping gets fired off to some distant DNS server who has no idea who the client is. I recall being told that any authorization to use a particular name was out of scope of the protocol. Thanking the person who told me this, I've made it a point to disable dynamic DNS in all environments since it's been available in running code. It's useless.

Now in the case of link local, it may or may not be useful for me to claim my machine is www.paypal.com and siphon off the requests of anyone dumb enough to listen to that. Or, perhaps, security considerations really are worth reviewing, even in a link local environment.

"You choose" in the DNS case is because you believe (presumably) in the chain of servers between you, the root node and the authoritative server for my domain; in the LLMNR *or* mDNS case, it would be "because he's here and he says so".
This could be backed up with certificates if you wanted to, of course.

The difference between LLMNR and mDNS here seems to be that mDNS *requires* me to use two different names in the two different cases; LLMNR, while it certainly *permits* me to do so, does not *require* it.

This is descending into a philosophical debate... "what's in a name".......

Or, "how easy is it to spoof a name, and get the guy sitting next to me to fall for it."
