Re: [dnssd] I-D Action: draft-rafiee-dnssd-mdns-threatmodel-03.txt

Douglas Otis <doug.mtview@gmail.com> Wed, 03 June 2015 02:41 UTC

Message-ID: <556E6936.1070205@gmail.com>
Date: Tue, 02 Jun 2015 19:40:54 -0700
From: Douglas Otis <doug.mtview@gmail.com>
To: dnssd@ietf.org
References: <20150530185803.18524.17824.idtracker@ietfa.amsl.com> <814D0BFB77D95844A01CA29B44CBF8A70154C4DA@lhreml504-mbs>
In-Reply-To: <814D0BFB77D95844A01CA29B44CBF8A70154C4DA@lhreml504-mbs>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnssd/IyJ3tsctP4tQdsQzHt3uPGmpKPQ>

On 6/1/15 12:18 AM, Hosnieh Rafiee wrote:
> There's also a htmlized version available at:
> > https://tools.ietf.org/html/draft-rafiee-dnssd-mdns-threatmodel-03

Dear Hosnieh,

This review misses a concern called out in the CERT notice
for dnssd at

https://www.kb.cert.org/vuls/id/550620

See Section 1 of
https://tools.ietf.org/html/draft-otis-dnssd-mdns-xlink-06

The threat model also overlooks data leakage beyond a local
link and DNS amplification concerns resulting from the
browse-ability offered by resource structures as explained
in the introduction and the CERT notice.

Appendix A gives an example of data leakage exploited in
Appendix B.

A mitigation practice to overcome these risks remains
unclear unless some means is made available to limit results.

Regards,
Douglas Otis