> We agree that home burglary is a serious problem. This is why we > recommend that everyone hire an armed guard for their house. If your > house is monitored by armed guards, burglary is very unlikely. Given that > there is an effective security mechanism available, there's really no need > to consider simple deterrants that won't provide true security. Not sure what this has to do with a link-scope resolution protocol supporting name partitioning and DNSSEC. LLMNR provides a simple deterrant in the case where security is available -- restricting the names for which queries are sent. This is *exactly* the same mechanism used by mDNS. > by it that are too useful to completely dismiss in general. That being > said, most systems attempt to avoid using those features when feasible and > attempt to make all sources of information match exactly The NetBIOS and DNS names spaces have coexisted for more than two decades without requiring exact matches, because they do not overlap. Similarly, "exact matches" can be ensured via security schemes such as DNSSEC while permitting overlapping name spaces. So "exact matches" are neither sufficient nor necessary. *Both* the mDNS and LLMNR specifications agree on this point. The only difference is that mDNS uses ".local" for partioning, while it is suggested (but not required) that LLMNR implementations use single-label names. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf