--On torsdag, september 01, 2005 20:30:56 +0200 Iljitsch van Beijnum
<iljitsch@xxxxxxxxx> wrote:
"You choose" in the DNS case is because you believe (presumably) in
the chain of servers between you, the root node and the
authoritative server for my domain; in the LLMNR *or* mDNS case, it
would be "because he's here and he says so".
What I'm missing in this story is how the application finds out who said
so. So either you need to allow "Harald said so" for all applications or
for none of them. That is not good.
Yep.
In the DNS case, "the DNS server I asked said so".
In the LLMNR and mDNS case, "the machine that answered my multicast said
so".
Flight of imagination: DNSSEC-Signed records (with the SIG/KEY chain in
additional data?) would seem to be one possibility to "prove" that the data
being presented was "legitimate" under DNS delegation rules, even when you
don't have a present connection to the Internet.
My imagination doesn't fly far enough at this time of night to figure out
any relationship beteen a ".local" name and the term "legitimacy". But it's
late in the evening, so my imagination is not flying very far - perhaps
mDNS works because they deliberately abandoned the idea of name ownership.
YMMV.
Harald
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf