Re: [apps-discuss] Aggregated service discovery

Alessandro Vesely <vesely@tana.it> Fri, 25 May 2012 08:15 UTC

On Thu 24/May/2012 16:30:03 +0200 Michiel de Jong wrote:

> but the main objection people would have to doing this is, I think,
> privacy/security. You don't want to announce the exact details of all
> your services publicly, because:
> 1) it makes it easier for an attacker to know where to attack your systems
> 2) it may reveal non-public information about your users unnecessarily.

Requiring authentication in order to discover the services would seem
to be a relevant functional difference w.r.t. SRV records.  I, for
one, don't use SRV records because of those two reasons.

Of course, directing all mass, blind dictionary attacks toward a
single entry point will call for some savvy implementation advice.
For example, centralized discovery could count failed attempts and
block a user when that number becomes comparable to her password's
entropy.  She won't be able to install new client devices for a while,
but that is much less disruptive than blocking IMAP access.

jm2c