Skip to main content

Scalable DNS-SD (SSD) Threats

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Douglas Otis , Hosnieh Rafiee
Last updated 2016-09-18 (Latest revision 2016-03-17)
Replaces draft-otis-dnssd-mdns-xlink, draft-rafiee-dnssd-mdns-threatmodel
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


mDNS combined with Service Discovery (DNS-SD) extends network resource distribution beyond the reach of multicast normally limited by the MAC Bridge. Since related resources are often not authenticated, either local resources are inherently trustworthy or are subsequently verified by associated services. Resource distribution becomes complex when a hybrid scheme combines adjacent network resources into a common unicast DNS-SD structure. This document explores related security considerations.


Douglas Otis
Hosnieh Rafiee

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)