Toerless Eckert <[email protected]> wrote:
    > 2. a) My main fear remains undesired proxying of mDNS messages by
    > some equipment, thereby creating undesired ACP connections. mDNS
    > proxying has become quite popular.

I don't see the problem.
a) proxy mDNS all you like, the proxy reply is supposed to be a
   link-local address, and if the mDNS was proxied, then the connection
   failed.

b) assuming that a non-link-local address was returned, and the
   implementation was given a routable source address, (very possible
   on an active LAN with DHCP/SLAAC available), and it connects to
   the proxy.  There is then an enrollment. Or there isn't.

c) assuming that the enrollment worked, then whatever the ACP
   discovery mechanism is (is it GRASP? I don't know) would run
   on the link if the new system wanted to join the ACP.

   We never suggested that this discovery would be mDNS.

    > c) I can't imagine that all the IoT spaces will converge on just
    > one discovery protocol as their preference, so I think it's an
    > illusion to think we can hit "one preferred" by all model.

Multiple vendors are doing this.
We made multicast work in great part so that mDNS would work.

    > 3. I have never seen point 3. as a system design principle. My background
    > is in routing, and BGP and IGPs for examples are used extensively
    > in the same devices running in different instances for different
    > isolated domains (eg: l3vpn). Reuse of the same protocols as
    > much as possible, because their security properties are understood
    > and isolation between different instances is an accepted model of
    > reuse and mutual isolation (shared code, no shared data).

Most privilege elevation exploits for Windows and Linux leverage that a
feature was added to the code base to support function X, which, when
combined with operation Y, does something unintended.

For an example from the routing space, I point to why we can't use source
routing in most places.  It has no security risks at all until you start
assuming that things behind a firewall are trusted and things outside are
not.

This is the kind of thing that we are thinking about.

--
Michael Richardson <[email protected]>, Sandelman Software Works
 -= IPv6 IoT consulting =-
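The check described in point a) of the reply, as an added example that is not code from the thread or from any ACP implementation: it assumes the mDNS answers have already been parsed into (name, address, receiving interface) tuples and rejects every candidate whose address is not link-local, which is what a proxied answer would look like, plus a helper that refuses to connect unless a link-local source address is available on that interface.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Candidate:
    name: str        # service instance name from the mDNS answer
    address: str     # A/AAAA record value, optionally with a %zone suffix
    interface: str   # interface the answer was received on

def classify(cand: Candidate) -> Tuple[bool, str]:
    """Accept only link-local answers scoped to the receiving interface."""
    addr_text, _, zone = cand.address.partition("%")
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return False, "unparseable address"
    # fe80::/10 or 169.254.0.0/16; anything routable means the answer did
    # not come from an on-link responder and was most likely proxied.
    if not addr.is_link_local:
        return False, "not link-local: answer was probably proxied"
    if zone and zone != cand.interface:
        return False, "zone does not match the receiving interface"
    return True, "link-local on the receiving interface"

def filter_candidates(cands: List[Candidate]):
    """Split discovered peers into (accepted, rejected-with-reason)."""
    accepted, rejected = [], []
    for cand in cands:
        ok, reason = classify(cand)
        (accepted if ok else rejected).append((cand, reason))
    return accepted, rejected

def pick_source(local_addrs: List[Tuple[str, str]], interface: str) -> Optional[str]:
    """Choose a link-local source on `interface`; None means do not connect,
    even if a DHCP/SLAAC-assigned routable address is available."""
    for iface, text in local_addrs:
        if iface == interface and ipaddress.ip_address(text).is_link_local:
            return text
    return None

# Constructed sample answers (not real devices): one proxied, one off-interface.
SAMPLE = [
    Candidate("reg1._brski._tcp.local", "fe80::1%eth0", "eth0"),
    Candidate("reg2._brski._tcp.local", "2001:db8::5", "eth0"),
    Candidate("reg3._brski._tcp.local", "169.254.10.2", "eth0"),
    Candidate("reg4._brski._tcp.local", "fe80::2%eth1", "eth0"),
]
LOCAL = [("eth0", "10.0.0.7"), ("eth0", "fe80::abcd"), ("eth1", "fe80::beef")]
```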
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima