From: Tomas Volf <~@wolfsden.cz>
To: musl@lists.openwall.com
Cc: Rich Felker <dalias@libc.org>
Subject: Re: [musl] mDNS in musl
Date: Fri, 22 Mar 2024 01:29:43 +0100 [thread overview]
Message-ID: <ZfzQ9yeW2Ft7zkrS@ws> (raw)
In-Reply-To: <CAPDSy+6YyWBqy87PN1FCUA6zKX5xpan0r5R4+cFa4GQny+w3kg@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1234 bytes --]
On 2024-03-22 10:10:29 +1000, David Schinazi wrote:
> > PS: which are the stakeholders contacted while the relevant standards
> > brought in such hazardous default?
>
>
> These RFCs went through the IETF Standards Track process, so the entire
> IETF community was consulted when this was finalized around 2011-2012.
>
> I'd like to understand why you think this is hazardous though. mDNS only
> applies to host names under .local - those names are not covered by DNSSEC,
> and therefore any queries for them are always sent completely insecure.
> Sending those queries over the wire to the configured DNS resolver has very
> similar security properties to sending them over the wire as multicast.
Please ignore my comment from the peanut gallery if it is totally off, but is it
not a difference between being able to do MitM (for regular non-DNSSEC DNS) and
just being on the same network (multicast)? So the former only router/gateway
can do, the latter anyone able to respond to the multicast? Assuming my
understanding is correct, that does not seem "very similar security properties".
Have a nice day,
Tomas Volf
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2024-03-22 0:31 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-06 7:29 David Schinazi
2024-03-06 16:15 ` Rich Felker
2024-03-06 16:45 ` Jeffrey Walton
2024-03-07 0:17 ` David Schinazi
2024-03-07 2:43 ` Rich Felker
2024-03-07 22:50 ` David Schinazi
2024-03-08 0:08 ` Rich Felker
2024-03-08 1:30 ` David Schinazi
2024-03-08 2:06 ` David Schinazi
2024-03-08 2:52 ` Rich Felker
2024-03-08 3:34 ` David Schinazi
2024-03-08 3:47 ` Rich Felker
2024-03-08 4:47 ` David Schinazi
2024-03-08 13:31 ` Rich Felker
2024-03-08 19:15 ` David Schinazi
2024-03-08 20:31 ` Rich Felker
2024-03-08 21:55 ` David Schinazi
2024-03-08 22:54 ` Rich Felker
2024-03-08 23:44 ` David Schinazi
2024-03-21 9:21 ` David Schinazi
2024-03-21 12:07 ` Rich Felker
2024-03-21 13:50 ` David Schinazi
2024-03-21 17:45 ` Luca Barbato
2024-03-21 19:35 ` Rich Felker
2024-03-22 0:10 ` David Schinazi
2024-03-22 0:29 ` Tomas Volf [this message]
2024-03-22 0:36 ` David Schinazi
2024-03-22 0:38 ` Rich Felker
2024-03-09 0:23 ` Jeffrey Walton
2024-03-08 15:31 ` Markus Wichmann
2024-03-08 17:22 ` Rich Felker
2024-03-06 16:15 ` Markus Wichmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZfzQ9yeW2Ft7zkrS@ws \
--to=~@wolfsden.cz \
--cc=dalias@libc.org \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).