Scalable DNS-SD (SSD) Threats

Document Type Expired Internet-Draft (individual)
Authors Douglas Otis  , Hosnieh Rafiee 
Last updated 2016-09-18 (latest revision 2016-03-17)
Replaces draft-otis-dnssd-mdns-xlink, draft-rafiee-dnssd-mdns-threatmodel
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


mDNS combined with Service Discovery (DNS-SD) extends network resource distribution beyond the reach of multicast normally limited by the MAC Bridge. Since related resources are often not authenticated, either local resources are inherently trustworthy or are subsequently verified by associated services. Resource distribution becomes complex when a hybrid scheme combines adjacent network resources into a common unicast DNS-SD structure. This document explores related security considerations.


Douglas Otis (
Hosnieh Rafiee (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)