On Mon, Oct 26, 2020 at 04:39:10PM -0400, Ted Lemon wrote:
> What actually hardens mDNS is that it’s a link-local protocol. 
> It doesn’t work across links. This limits the attack surface. 

Exactly.

> But there’s no way to eliminate the attack surface.  If I were in Ben’s 
> shoes, 
> I’d be asking you to change the protocol to support authentication and 
> ToFU as a hardening strategy, with some better trust establishment mechanism 
> as future work based on the existing presence of crypto signatures. But 
> the current consensus of the IETF is apparently that ADs aren’t allowed to 
> insist on things like that. :(

We must also consider that mDNS is meant to provide that on-link communication
for devices that are perhaps not professionally managed, such as my
home where I may want to talk to raspberrypi.local or my printer
or other on-link device without placing it in some enterprise or other
lookup system.  This helps prevent remote attacks and discoverability of
my devices and provides security this way.

- Jared


-- 
Jared Mauch  | pgp key available via finger from ja...@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
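The hardening property discussed above (mDNS is link-local and does not work across links) is something a receiver can enforce rather than merely rely on. The following is an added example, not code from the thread or from any mDNS implementation: it applies two receiver-side checks to inbound mDNS packets, that the source address is on the local link (an IPv6 link-local address or an address inside one of the interface's own prefixes) and that the IP TTL / hop limit is still 255, which mDNS senders use and which a packet cannot retain once a router has forwarded it. The local prefix and the sample packets are constructed for the example.

```python
import ipaddress

# Constructed for this example: the prefixes configured on the receiving
# interface. A real receiver would read these from the interface itself.
LOCAL_NETWORKS = [
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("fe80::/64"),
]

MDNS_TTL = 255  # value mDNS senders set; routers decrement it, so 255 means "not forwarded"


def accept_mdns(src_ip, ip_ttl, local_networks=LOCAL_NETWORKS):
    """Decide whether an inbound mDNS packet passes the link-local checks.

    Returns (accepted, reason). Assumption of this example: a packet is
    on-link if its source is an IPv6 link-local address or falls inside one
    of the interface's configured prefixes.
    """
    src = ipaddress.ip_address(src_ip)

    if ip_ttl != MDNS_TTL:
        return False, f"ttl {ip_ttl} != {MDNS_TTL}: packet was forwarded or spoofed"

    if src.version == 6 and src.is_link_local:
        return True, "ipv6 link-local source"

    for net in local_networks:
        if src in net:
            return True, f"source inside on-link prefix {net}"

    return False, "source not on the local link"


def triage(packets, local_networks=LOCAL_NETWORKS):
    """Apply accept_mdns to a batch of (src_ip, ttl) tuples.

    Returns a list of (src_ip, accepted, reason) so the drops can be logged
    or counted as an indicator of off-link mDNS traffic reaching this host.
    """
    result = []
    for src_ip, ttl in packets:
        ok, why = accept_mdns(src_ip, ttl, local_networks)
        result.append((src_ip, ok, why))
    return result


# Constructed sample packets: (source address, IP TTL / hop limit as received).
SAMPLE_PACKETS = [
    ("192.168.1.20", 255),  # on-link host answering for a .local name
    ("fe80::1", 255),       # IPv6 link-local source
    ("10.0.0.5", 255),      # off-link source: should be dropped
    ("192.168.1.30", 64),   # on-link prefix but TTL was decremented: dropped
]

if __name__ == "__main__":
    for src, ok, why in triage(SAMPLE_PACKETS):
        print(f"{'ACCEPT' if ok else 'DROP  '} {src:15} {why}")
```

The two checks are independent on purpose: the prefix check catches traffic relayed from other links, while the TTL check catches packets that were routed even when the source address happens to look local. Dropped packets are worth logging, since on a correctly configured link there should be none.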

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop