On 7/8/19, Andrei POPESCU <andreimpope...@gmail.com> wrote: > On Lu, 08 iul 19, 13:37:26, Lee wrote: >> On 7/7/19, andreimpope...@gmail.com <andreimpope...@gmail.com> wrote: >> >> > The dangers are not at all obvious to me, possibly because I haven't >> > used it much (if at all). >> >> Read the first three paragraph of the "Security Considerations" section >> https://tools.ietf.org/html/rfc6762#section-21 >> >> Assuming everything on the network is a trusted host is a dangerous >> assumption, so paragraph 1 is N/A >> >> Assuming a trusted host won't get hacked is a dangerous assumption, so >> paragraph 3 is N/A. >> >> All that's left is paragraph 2 -- and uninstalling whatever software >> uses mDNS :) > > Security is not a black/white thing, it's more like a balancing act.
Agreed > In my opinion mDNS/zeroconf can make perfect sense in some environments > and be a complete no-go in others. Apparently it's not clear that I agree :( I thought about concluding with something about different people making different assumptions & some not wanting or able to set up their own dns server & living with the risk, but it seemed like such an obvious conclusion that I didn't bother. Regards, Lee