[dnssd] Multicast DNS (mDNS) Threat Model and Security Consideration

"Albrecht, Harald" <harald.albrecht@siemens.com> Wed, 15 April 2015 08:36 UTC

From: "Albrecht, Harald" <harald.albrecht@siemens.com>
To: "dnssd@ietf.org" <dnssd@ietf.org>
Thread-Topic: Multicast DNS (mDNS) Threat Model and Security Consideration
Date: Wed, 15 Apr 2015 08:34:33 +0000
Message-ID: <E36F274013087B4EA05E08EB503750390BF63956@DEFTHW99EK5MSX.ww902.siemens.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnssd/tc0FNbBACWAu5POsi3YdZT2Zmkc>
Subject: [dnssd] Multicast DNS (mDNS) Threat Model and Security Consideration

Hi,

just came across a few minor things in the DNSSD I-D "Multicast DNS (mDNS) Threat Model and Security Consideration" -02.

In section 3.2.2, second scenario the term "Time To Leave" for TTL should be "Time To Live" instead (http://en.wikipedia.org/wiki/Domain_Name_System#DNS_resource_records). Albeit I have to admit that "time to leave" has a very nice ring :)

In section 3.3.1 you write "[...] these services may automatically announce over mDNS both Universal Local Addresses (ULA) [RFC4193] and Global Unicast Addresses (GUA). Since a GUA address is global, the associated node may become accessible over the Internet." I think that the second GUA reference should be to ULAs instead, that is, "Since a ULA address is global [...]".

Another thing that strikes me is the use of "GUA address" and "ULA address". The "A" in "GUA" and "ULA" already means address, so "GUA address" basically means a "global unicast address address". Either a sole "GUA"/"ULA" is already sufficient or always spell "global unicast address" in full.

With respect to section 3.7.1 "Storing mDNS names in unicast DNS" I wonder if there are attacks possible based on leaking UTF-8 labels into unicast DNS and thus upsetting DNS servers, (stub) resolvers, or IDNA libraries?

In section 3.13.4.1 what is the security standpoint rationale to not publish GUAs? For instance, if a site decides to not use ULAs but only GUAs (believe me, there are such huge sites in IPv4 that run their company intranet on global addresses, not on private ones) then this would not be less secure than using ULAs. Some moments before the draft argues with respect to ULA accessibility. The same also applies to GUAs. Not publishing something doesn't mean it's not reachable - this would be a perfect example of security by obscurity. And security by obscurity is known to not offer any security at all. So, please detail the rationale behind 3.13.4.1 and it focusing on ULA only.

Best regards,
Harald Albrecht

Siemens AG
Digital Factory Division
Gleiwitzer Str. 555
90475 Nuernberg, Germany

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Gerhard Cromme; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Officer; Roland Busch, Lisa Davis, Klaus Helmrich, Janina Kugel, Siegfried Russwurm, Ralf P. Thomas; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322
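As an added illustration of the question raised above about section 3.7.1 (example code written for this page, not part of the mail or the draft), the block below is a small registration gate that classifies mDNS labels before they are copied into unicast DNS. It uses Python's built-in idna codec as the "IDNA library"; the status names and the sample labels are constructed.

```python
"""Pre-storage check for mDNS labels that are about to be copied into unicast DNS.

Added illustration for the question about section 3.7.1; it is not code from the
draft or from this mail. RFC 6762 lets an mDNS label carry arbitrary UTF-8, while
unicast DNS tooling expects ASCII: plain LDH hostnames or IDNA A-labels (xn--...).
Only Python's built-in 'idna' codec (IDNA2003/nameprep) is used, standing in for
"an IDNA library" in the question; the status names are constructed for this example.
"""
import re

# Classic hostname label: letters, digits, hyphen, no leading/trailing hyphen, <= 63.
LDH_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)


def classify_label(label: str) -> dict:
    """Say how one mDNS label (no embedded dots) fares when moved to unicast DNS."""
    raw = label.encode("utf-8")
    if not 0 < len(raw) <= 63:
        # The 63-byte wire limit holds for mDNS and unicast DNS alike.
        return {"label": label, "status": "too-long-or-empty", "wire": None}
    if label.isascii():
        # Pure ASCII passes through untouched, but mDNS allows spaces,
        # apostrophes and underscore-prefixed service labels ("_ipp") that a
        # strict hostname validator in a unicast DNS server or resolver may refuse.
        status = "ascii-ldh" if LDH_LABEL.match(label) else "ascii-non-ldh"
        return {"label": label, "status": status, "wire": raw}
    try:
        a_label = label.encode("idna")  # nameprep, then punycode with xn-- prefix
    except UnicodeError as exc:
        # Nameprep prohibits e.g. control and bidi-formatting characters, and the
        # codec also rejects A-labels that grow past 63 bytes.
        return {"label": label, "status": "idna-rejected", "wire": None, "reason": str(exc)}
    return {"label": label, "status": "idna-alabel", "wire": a_label}


def audit(labels) -> dict:
    """Map each label to its status; the shape a registration gate would consume."""
    return {lbl: classify_label(lbl)["status"] for lbl in labels}


if __name__ == "__main__":
    # Constructed sample labels, not taken from any real network.
    for lbl, st in audit(["printer", "Harald's Printer", "_ipp", "büro",
                          "printer\u0085", "x" * 64]).items():
        print(f"{lbl!r:28} -> {st}")
```

Labels that come back as "ascii-non-ldh" or "idna-rejected" are the ones the question is about: legal in mDNS, yet liable to be refused or mangled by unicast DNS software.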