Skip to main content

Privacy Extensions for DNS-SD

Document Type Replaced Internet-Draft (dnssd WG)
Expired & archived
Authors Christian Huitema , Daniel Kaiser
Last updated 2016-10-26 (Latest revision 2016-09-28)
Replaced by draft-ietf-dnssd-privacy
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status Proposed Standard
Additional resources Mailing list discussion
Stream WG state Adopted by a WG
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-dnssd-privacy
Consensus boilerplate Yes
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


DNS-SD allows discovery of services published in DNS or MDNS. The publication normally discloses information about the device publishing the services. There are use cases where devices want to communicate without disclosing their identity, for example two mobile devices visiting the same hotspot. We propose to solve this problem by a two-stage approach. In the first stage, hosts discover Private Discovery Service Instances via DNS-SD using special formats to protect their privacy. These service instances correspond to Private Discovery Servers running on peers. In the second stage, hosts directly query these Private Discovery Servers via DNS-SD over TLS. A pairwise shared secret necessary to establish these connections is only known to hosts authorized by a pairing system.


Christian Huitema
Daniel Kaiser

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)