[dtn-security] Re(2): How do you feel about Bonjour/Avahi?

[Peter Lovell <plovell@mac.com>]

>> If I'm part of law enforcement, I'll probably value confidentiality most
>> highly (although the courts may emphasize integrity and chain-of-custody
>> for evidence).
>>
>>   
>And military? I would imagine that since lives are at stake that might 
>be the defining peak of the pyramid...

Maybe, but let's not take the discussion in that direction.


>> Bonjour is just a service discovery protocol, not a part of a security
>> system. And it's localized so that only your neighbours know. It
>> shouldn't make any difference to integrity or confidentiality as those
>> should be handled by the defenses you have deployed. At a stretch, it
>> might make adversaries aware of your system but if they see Bonjour
>> advertisements then they're close to you already and can see your
>> network traffic.
>>   
>An excellent point, and one which worries me. How does "standard" 
>security which is not int he DTN part of the system affect the overall 
>system of which DTN is only a part?

I'm not sure I understand your point here. DTN sits on top of various
transport mechanisms (referred to as "convergence layers" in the specs)
and these may have their own security mechanisms. These are in addition
to the dtn ones that only are invoked after coming through the lower
layers. As an example, if you are using TCP convergence layer, I would
expect that to defend against common TCP DOS attacks, such as syn-flood.
DTN doesn't have to deal with those.


>> Bonjour and static IP addresses are solutions to different problems. An
>> IP address allows a system to send something to you. Bonjour allows a
>> nearby system to find you if it doesn't know your address.
>>   
>In my idea of a "closed, secure" system, if someone does not know my IP 
>address, then I don't even want him to know that I exist (al least, I 
>think so ... )

You might indeed want him not to know, and it might be good to keep as
low a profile as possible. But in most cases (not all) I wouldn't
categorize that as real "security". It's like having secret crypto algorithms.

Can it be one part of a layered defense? Certainly. Do I place much
reliance on it? No, with occasional exceptions. 

>> If you are sensitive about denial-of-service attacks then I would
>> suggest strongly that you do not use a hard-coded IP address, but
>> specify a dns address instead.
>>
>>   
>And that gets resolved to an IP address how? If I have an ad-hoc 
>network, I don't want to have a DNS server.

The non-Bonjour scenario uses a standard dns server -- nothing strange
there. Bonjour works in a standard local network (think of a small
office with DHCP, internet connectivity and with or without a dns server
for the local machines) or purely ad-hoc. In the ad-hoc case, the
machines self-assign link-local IP addresses in the range
169.254.0.0/16. Discovery is done using multicast-dns. The machines
respond directly and there is no server involved.

Cheers.....Peter