Re: [dnssd] Security through Obscurity

Michael Sweet <msweet@apple.com> Fri, 25 July 2014 12:51 UTC

From: Michael Sweet <msweet@apple.com>
In-reply-to: <E36F274013087B4EA05E08EB503750390BEDE8DF@DEFTHW99EK5MSX.ww902.siemens.net>
Date: Fri, 25 Jul 2014 08:51:07 -0400
Message-id: <16D98342-BBF4-4EA1-A206-70D6053A7D57@apple.com>
References: <0644A943-80B9-42E0-BF82-3E1113710FA2@gmail.com> <20E4ED19-12BD-45D4-B690-8629B552B23B@gmail.com> <0E0BC226-E68E-4BC2-99EA-AFF1AF96A5EC@ecs.soton.ac.uk> <EMEW3|faec94f4ff05bea449f9614b93dae254q6NE8Q03tjc|ecs.soton.ac.uk|0E0BC226-E68E-4BC2-99EA-AFF1AF96A5EC@ecs.soton.ac.uk> <E6F68BE4-7094-45AA-ADD9-4B88BBC87921@gmail.com> <8465FD60-84CD-41B3-BBE3-1BDB52DF0DDB@hp.com> <364AAF85-5FB4-4828-A5A4-11160E747BC9@gmail.com> <24377.1406225491@sandelman.ca> <3949.1406228928@sandelman.ca> <E36F274013087B4EA05E08EB503750390BEDE8DF@DEFTHW99EK5MSX.ww902.siemens.net>
To: "Albrecht, Harald" <harald.albrecht@siemens.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnssd/weQHbUga-lFio42K-MUNvBdoiCQ
Cc: "dnssd@ietf.org" <dnssd@ietf.org>, Michael Richardson <mcr@sandelman.ca>
Subject: Re: [dnssd] Security through Obscurity

FWIW, many recent (within the last 4 years or so) printers support IPP and an operation called "Identify-Printer" which makes the printer beep or flash to aid in identifying which printer you are talking to...

But more generally most people don't have multiple (identical) printers, and most organizations stick a label on the printer with its name on the network...  Crude but effective... :)


On Jul 25, 2014, at 3:21 AM, Albrecht, Harald <harald.albrecht@siemens.com> wrote:

>> From: dnssd [mailto:dnssd-bounces@ietf.org] On Behalf Of Michael
>> Richardson
>> Sent: Thursday, 24 July 2014 21:09
>> Cc: dnssd@ietf.org
>> Subject: Re: [dnssd] Security through Obscurity
>> 
>> Three printers on the floor.
>> One is reporting it is broken, so broken that you can't do much more than see
>> that it exists.
>> If the IP(v6) address is predictable, and related in some way to the EUI-64,
>> then you can find the right unit.
>> The printer has little privacy concerns, seldom visits internet cafes, and is
>> never found in airport lounges.
> 
> In which form does the reporting come in? I would assume that these printers have some labels sticking on them that identify them in a more human-friendly way? Or am I wrong here and missing something? I'm trying to figure out how the reporting process and troubleshooting process will benefit from pre-assigned static LLAs, but I have problems doing so.
> 
> By the way -- my home printer has global IPv6 addresses (yes, it has two as Deutsche Telekom assigns temporary PA prefixes). But it has a snuggly firewall in front of it so it is of no concern to me; this printer can't be reached from the outside. These two additional GUAs don't eat up significant resources, so why do I need to bother? I'm using ULA and LLA internally, so that's what I'm caring about. The GUAs aren't bad in any way ... unless there is general suspicion that GUAs are bad in any case...?
> 
> With best regards,
> Harald

_________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair