In message <87y85swcwc.fsf@xxxxxxxxxxxxxxxxxxxxx>, Russ Allbery writes: >Bernard Aboba <aboba@xxxxxxxxxxxxx> writes: > >> b. Confusion between security issues and namespace separation. In >> peer-to-peer name resolution protocols, it is possible for a responder >> to demonstrate ownership of a name, via mechanisms such as DNSSEC. It >> is also possible for a responder to demonstrate membership in a trusted >> group, such as via TSIG or IPsec. If DNSSEC is available, spoofing >> attacks are not possible, and querying for FQDNs does not expose the >> sender to additional vulnerabilities. Both the mDNS and LLMNR >> specifications agree on this point. > >We agree that home burglary is a serious problem. This is why we >recommend that everyone hire an armed guard for their house. If your >house is monitored by armed guards, burglary is very unlikely. Given that >there is an effective security mechanism available, there's really no need >to consider simple deterrants that won't provide true security. > DNSsec is very important for other reasons, such as the current pharming attacks. The risks have been known in the security community since at least 1991, and publicly since at least 1995. The long- predicted attacks are now happening. We really need to get DNSsec deployed, independent of mDNS or LLMNR. Given that there is now some forward progress on DNSsec, it's not at all unreasonable for either or both of those specs to rely on it to solve some of their particular security risks. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf