Re: [dnssd] Threat model - answer to questions

Hosnieh Rafiee <hosnieh.rafiee@huawei.com> Fri, 05 December 2014 10:51 UTC

From: Hosnieh Rafiee <hosnieh.rafiee@huawei.com>
To: Douglas Otis <doug.mtview@gmail.com>
Date: Fri, 05 Dec 2014 10:51:05 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/dnssd/mfIbqDGk4E4_YAEQzwM19evbwOI
Cc: "dnssd@ietf.org" <dnssd@ietf.org>
Subject: Re: [dnssd] Threat model - answer to questions

Hi Douglas,

Thanks for your comments. 

> For resource constrained devices, security is best enforced by use of
<snip>
> Omitting proper address selection rules is unlikely to obtain the
> desired security.  This consideration was omitted in both the Hybrid
> Proxy and Security Threat documents.
> 
> Note: Last hop security depends on header compliance with RA Guard
> RFC7113.
Thanks for the clarification. I actually removed it from the document because at IETF 90, when I was presenting, some folks told me that I should only focus on the scope of the requirement documents and charter, which is more related to DNSSD and a little about mDNS.

So, maybe this is a good time to raise this question:

What is the expectation of the threat model? Shall I also evaluate the currently available documents which also discuss mDNS, or only focus on the SD part?

Thanks,
Best,
Hosnieh