On 7/7/19, andreimpope...@gmail.com <andreimpope...@gmail.com> wrote:
> On Sb, 06 iul 19, 15:36:37, Lee wrote:
>>
>> "an accident waiting to happen" was from me and I also gave the rfc
>> for mdns, so that's hardly "nothing of substance to support that
>> view." If you're having trouble finding the rfc, it's here
>> https://tools.ietf.org/html/rfc6762
>
> Care to elaborate though?

While reading about a security issue I came across the line "An insecure protocol will eventually be exploited." - which sounds right to me. And the standard q&a for most security issues involving an insecure protocol seems to be
  q: how do I prevent <bad thing> from happening?
  a: by not allowing it in the first place.

Hopefully we're clear about my bias now :)

> The dangers are not at all obvious to me, possibly because I haven't
> used it much (if at all).

Read the first three paragraphs of the "Security Considerations" section
  https://tools.ietf.org/html/rfc6762#section-21

Assuming everything on the network is a trusted host is a dangerous assumption, so paragraph 1 is N/A.
Assuming a trusted host won't get hacked is a dangerous assumption, so paragraph 3 is N/A.
All that's left is paragraph 2 -- and uninstalling whatever software uses mDNS :)

Regards,
Lee