[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Assorted arm-buster problems - network configuration

On 7/8/19, Andrei POPESCU <andreimpopescu@gmail.com> wrote:
> On Lu, 08 iul 19, 13:37:26, Lee wrote:
>> On 7/7/19, andreimpopescu@gmail.com <andreimpopescu@gmail.com> wrote:
>> > The dangers are not at all obvious to me, possibly because I haven't
>> > used it much (if at all).
>> Read the first three paragraph of the "Security Considerations" section
>>   https://tools.ietf.org/html/rfc6762#section-21
>> Assuming everything on the network is a trusted host is a dangerous
>> assumption, so paragraph 1 is N/A
>> Assuming a trusted host won't get hacked is a dangerous assumption, so
>> paragraph 3 is N/A.
>> All that's left is paragraph 2 -- and uninstalling whatever software
>> uses mDNS :)
> Security is not a black/white thing, it's more like a balancing act.


> In my opinion mDNS/zeroconf can make perfect sense in some environments
> and be a complete no-go in others.

Apparently it's not clear that I agree :(

I thought about concluding with something about different people
making different assumptions & some not wanting or able to set up
their own dns server & living with the risk, but it seemed like such
an obvious conclusion that I didn't bother.


Reply to: