draft-ietf-dnssd-prireq-02.txt   draft-ietf-dnssd-prireq-03.txt 
Network Working Group C. Huitema Network Working Group C. Huitema
Internet-Draft Private Octopus Inc. Internet-Draft Private Octopus Inc.
Intended status: Informational D. Kaiser Intended status: Informational D. Kaiser
Expires: January 26, 2020 University of Luxembourg Expires: June 22, 2020 University of Luxembourg
July 25, 2019 December 20, 2019
DNS-SD Privacy and Security Requirements DNS-SD Privacy and Security Requirements
draft-ietf-dnssd-prireq-02 draft-ietf-dnssd-prireq-03
Abstract Abstract
DNS-SD (DNS Service Discovery) normally discloses information about DNS-SD (DNS Service Discovery) normally discloses information about
devices offering and requesting services. This information includes devices offering and requesting services. This information includes
host names, network parameters, and possibly a further description of host names, network parameters, and possibly a further description of
the corresponding service instance. Especially when mobile devices the corresponding service instance. Especially when mobile devices
engage in DNS Service Discovery over Multicast DNS at a public engage in DNS Service Discovery over Multicast DNS at a public
hotspot, serious privacy problems arise. We analyze the requirements hotspot, serious privacy problems arise. We analyze the requirements
of a privacy respecting discovery service. of a privacy respecting discovery service.
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 26, 2020. This Internet-Draft will expire on June 22, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Service Discovery Scenarios . . . . . . . . . . . . . . . . . 3 2. Threat Model . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1. Private Client and Public Server . . . . . . . . . . . . 3 3. Threat Analysis . . . . . . . . . . . . . . . . . . . . . . . 4
2.2. Private Client and Private Server . . . . . . . . . . . . 4 3.1. Service Discovery Scenarios . . . . . . . . . . . . . . . 4
2.3. Wearable Client and Server . . . . . . . . . . . . . . . 5 3.1.1. Private Client and Public Server . . . . . . . . . . 4
3. DNS-SD Privacy Considerations . . . . . . . . . . . . . . . . 6 3.1.2. Private Client and Private Server . . . . . . . . . . 5
3.1. Privacy Implication of Publishing Service Instance Names 7 3.1.3. Wearable Client and Server . . . . . . . . . . . . . 6
3.2. Privacy Implication of Publishing Node Names . . . . . . 8 3.2. DNS-SD Privacy Considerations . . . . . . . . . . . . . . 7
3.3. Privacy Implication of Publishing Service Attributes . . 8 3.2.1. Information made available via DNS-SD Resource
3.4. Device Fingerprinting . . . . . . . . . . . . . . . . . . 9 Records . . . . . . . . . . . . . . . . . . . . . . . 8
3.5. Privacy Implication of Discovering Services . . . . . . . 10 3.2.2. Privacy Implication of Publishing Service Instance
4. Security Considerations . . . . . . . . . . . . . . . . . . . 10 Names . . . . . . . . . . . . . . . . . . . . . . . . 9
4.1. Authenticity, Integrity & Freshness . . . . . . . . . . . 10 3.2.3. Privacy Implication of Publishing Node Names . . . . 9
4.2. Confidentiality . . . . . . . . . . . . . . . . . . . . . 10 3.2.4. Privacy Implication of Publishing Service Attributes 10
4.3. Resistance to Dictionary Attacks . . . . . . . . . . . . 11 3.2.5. Device Fingerprinting . . . . . . . . . . . . . . . . 10
4.4. Resistance to Denial-of-Service Attacks . . . . . . . . . 11 3.2.6. Privacy Implication of Discovering Services . . . . . 11
4.5. Resistance to Sender Impersonation . . . . . . . . . . . 11 3.3. Security Considerations . . . . . . . . . . . . . . . . . 12
4.6. Sender Deniability . . . . . . . . . . . . . . . . . . . 11 3.3.1. Authenticity, Integrity & Freshness . . . . . . . . . 12
5. Operational Considerations . . . . . . . . . . . . . . . . . 11 3.3.2. Confidentiality . . . . . . . . . . . . . . . . . . . 12
5.1. Power Management . . . . . . . . . . . . . . . . . . . . 11 3.3.3. Resistance to Dictionary Attacks . . . . . . . . . . 12
5.2. Protocol Efficiency . . . . . . . . . . . . . . . . . . . 12 3.3.4. Resistance to Denial-of-Service Attacks . . . . . . . 12
5.3. Secure Initialization and Trust Models . . . . . . . . . 12 3.3.5. Resistance to Sender Impersonation . . . . . . . . . 13
5.4. External Dependencies . . . . . . . . . . . . . . . . . . 13 3.3.6. Sender Deniability . . . . . . . . . . . . . . . . . 13
6. Requirements for a DNS-SD Privacy Extension . . . . . . . . . 13 3.4. Operational Considerations . . . . . . . . . . . . . . . 13
6.1. Private Client requirements . . . . . . . . . . . . . . . 14 3.4.1. Power Management . . . . . . . . . . . . . . . . . . 13
6.2. Private Server Requirements . . . . . . . . . . . . . . . 14 3.4.2. Protocol Efficiency . . . . . . . . . . . . . . . . . 13
6.3. Security and Operation . . . . . . . . . . . . . . . . . 15 3.4.3. Secure Initialization and Trust Models . . . . . . . 14
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 3.4.4. External Dependencies . . . . . . . . . . . . . . . . 15
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15 4. Requirements for a DNS-SD Privacy Extension . . . . . . . . . 15
9. Informative References . . . . . . . . . . . . . . . . . . . 15 4.1. Private Client Requirements . . . . . . . . . . . . . . . 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 4.2. Private Server Requirements . . . . . . . . . . . . . . . 16
4.3. Security and Operation . . . . . . . . . . . . . . . . . 17
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 17
7. Informative References . . . . . . . . . . . . . . . . . . . 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20
1. Introduction 1. Introduction
DNS-SD [RFC6763] over mDNS [RFC6762] enables zero-configuration DNS-SD [RFC6763] over mDNS [RFC6762] enables zero-configuration
service discovery in local networks. It is very convenient for service discovery in local networks. It is very convenient for
users, but it requires the public exposure of the offering and users, but it requires the public exposure of the offering and
requesting identities along with information about the offered and requesting identities along with information about the offered and
requested services. Parts of the published information can seriously requested services. Parts of the published information can seriously
breach the user's privacy. These privacy issues and potential breach the user's privacy. These privacy issues and potential
solutions are discussed in [KW14a], [KW14b] and [K17]. solutions are discussed in [KW14a], [KW14b] and [K17].
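Review bot: In the new table of contents, "3.4. Operational Considerations" (Power Management, Protocol Efficiency, Secure Initialization and Trust Models, External Dependencies) is now nested under "3. Threat Analysis", although those subsections describe deployment constraints rather than threats. Consider keeping Operational Considerations as a top-level section, or renaming Section 3 so that its title covers both. The new heading "3.2.1. Information made available via DNS-SD Resource Records" is also capitalised differently from the neighbouring headings.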
skipping to change at page 3, line 19 skipping to change at page 3, line 29
the Wi-Fi network of an Internet cafe, or two travelers who want to the Wi-Fi network of an Internet cafe, or two travelers who want to
share files between their laptops when waiting for their plane in an share files between their laptops when waiting for their plane in an
airport lounge. airport lounge.
We expect that these exchanges will start with a discovery procedure We expect that these exchanges will start with a discovery procedure
using DNS-SD [RFC6763] over mDNS [RFC6762]. One of the devices will using DNS-SD [RFC6763] over mDNS [RFC6762]. One of the devices will
publish the availability of a service, such as a picture library or a publish the availability of a service, such as a picture library or a
file store in our examples. The user of the other device will file store in our examples. The user of the other device will
discover this service, and then connect to it. discover this service, and then connect to it.
When analyzing these scenarios in Section 3, we find that the DNS-SD When analyzing these scenarios in Section 3.2, we find that the DNS-
messages leak identifying information such as the service instance SD messages leak identifying information such as the service instance
name, the host name, or service properties. name, the host name, or service properties.
1.1. Requirements 1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. Service Discovery Scenarios Identity In this document, the term "identity" refers to the
identity of the entitiy (legal person) operating a device.
Disclosing an Identity In this document "disclosing an identiy"
means showing the identity of operating entities to devices
external to the discovery process; e.g., devices on the same
network link that are listening to the network traffic but are not
actually involved in the discovery process. This document focuses
on identity disclosure by data conveyed via messages on the
service discovery protocol layer. Still, identity leaks on deeper
layers, e.g., the IP layer, are mentioned.
Disclosing Information In this document "disclosing information" is
also focused on disclosure by data conveyed via messages on the
service discovery protocol layer.
2. Threat Model
This document considers the following attacker types sorted by
increasing power. All these attackers can either be passive, i.e.
they just listen to network traffic they have access to, or active,
i.e. they additionally can craft and send (malicious) packets.
external An external attacker is not on the same network link as
victim devices engaging in service discovery; thus, the external
attacker is in a different multicast domain.
on-link An on-link attacker is on the same network link as victim
devices engaging in service discovery; thus, the external attacker
is in the same multicast domain. This attacker can also mount all
attacks an external attacker can mount.
MITM A Man in the Middle (MITM) attacker either controls (parts of)
a network link or can trick two parties to send traffic via him;
thus, the MITM attacker has access to unicast traffic between
devices engaging in service discovery. This attacker can also
mount all attacks an on-link attacker can mount.
3. Threat Analysis
In this section we analyse how the attackers described in the
previous section might threaten the privacy of legal persons
operating devices engaging in service discovery. We focus on attacks
leveraging data transmitted in service discovery protocol messages.
3.1. Service Discovery Scenarios
In this section, we review common service discovery scenarios and In this section, we review common service discovery scenarios and
discuss their privacy requirements. discuss privacy threats and their privacy requirements. In all three
of these common scenarios the attacker is of the type passive on-
link.
2.1. Private Client and Public Server 3.1.1. Private Client and Public Server
Perhaps the simplest private discovery scenario involves a single Perhaps the simplest private discovery scenario involves a single
client connecting to a public server through a public network. A client connecting to a public server through a public network. A
common example would be a traveler using a publicly available printer common example would be a traveler using a publicly available printer
in a business center, in an hotel, or at an airport. in a business center, in an hotel, or at an airport.
( Taking notes: ( Taking notes:
( David is printing ( David is printing
( a document ( a document
~~~~~~~~~~~ ~~~~~~~~~~~
o o
___ o ___ ___ o ___
/ \ _|___|_ / \ _|___|_
| | |* *| | | client server |* *|
\_/ __ \_/ \_/ __ \_/
| / / Discovery +----------+ | | / / Discovery +----------+ |
/|\ /_/ <-----------> | +----+ | /|\ /|\ /_/ <-----------> | +----+ | /|\
/ | \__/ +--| |--+ / | \ / | \__/ +--| |--+ / | \
/ | |____/ / | \ / | |____/ / | \
/ | / | \ / | / | \
/ \ / \ / \ / \
/ \ / \ / \ / \
/ \ / \ / \ / \
/ \ / \ / \ / \
/ \ / \ / \ / \
David adversary
In that scenario, the server is public and wants to be discovered, In that scenario, the server is public and wants to be discovered,
but the client is private. The adversary will be listening to the but the client is private. The adversary will be listening to the
network traffic, trying to identify the visitors' devices and their network traffic, trying to identify the visitors' devices and their
activity. Identifying devices leads to identifying people, either activity. Identifying devices leads to identifying people, either
just for tracking people or as a preliminary to targeted attacks. just for tracking people or as a preliminary to targeted attacks.
The requirement in that scenario is that the discovery activity The requirement in that scenario is that the discovery activity
should not disclose the identity of the client. should not disclose the identity of the client.
2.2. Private Client and Private Server 3.1.2. Private Client and Private Server
The second private discovery scenario involves a private client The second private discovery scenario involves a private client
connecting to a private server. A common example would be two people connecting to a private server. A common example would be two people
engaging in a collaborative application in a public place, such as engaging in a collaborative application in a public place, such as
for example an airport's lounge. for example an airport's lounge.
( Taking notes: ( Taking notes:
( David is meeting ( David is meeting
( with Stuart ( with Stuart
~~~~~~~~~~~ ~~~~~~~~~~~
o o
___ ___ o ___ ___ ___ o ___
/ \ / \ _|___|_ / \ / \ _|___|_
| | | | |* *| | | server client | | |* *|
\_/ __ __ \_/ \_/ \_/ __ __ \_/ \_/
| / / Discovery \ \ | | | / / Discovery \ \ | |
/|\ /_/ <-----------> \_\ /|\ /|\ /|\ /_/ <-----------> \_\ /|\ /|\
/ | \__/ \__/ | \ / | \ / | \__/ \__/ | \ / | \
/ | | \ / | \ / | | \ / | \
/ | | \ / | \ / | | \ / | \
/ \ / \ / \ / \ / \ / \
/ \ / \ / \ / \ / \ / \
/ \ / \ / \ / \ / \ / \
/ \ / \ / \ / \ / \ / \
/ \ / \ / \ / \ / \ / \
David Stuart Adversary
In that scenario, the collaborative application on one of the devices In that scenario, the collaborative application on one of the devices
will act as a server, and the application on the other device will will act as a server, and the application on the other device will
act as a client. The server wants to be discovered by the client, act as a client. The server wants to be discovered by the client,
but has no desire to be discovered by anyone else. The adversary but has no desire to be discovered by anyone else. The adversary
will be listening to network traffic, attempting to discover the will be listening to network traffic, attempting to discover the
identity of devices as in the first scenario, and also attempting to identity of devices as in the first scenario, and also attempting to
discover the patterns of traffic, as these patterns reveal the discover the patterns of traffic, as these patterns reveal the
business and social interactions between the owners of the devices. business and social interactions between the owners of the devices.
The requirement in that scenario is that the discovery activity The requirement in that scenario is that the discovery activity
should not disclose the identity of either the client or the server. should not disclose the identity of either the client or the server.
2.3. Wearable Client and Server 3.1.3. Wearable Client and Server
The third private discovery scenario involves wearable devices. A The third private discovery scenario involves wearable devices. A
typical example would be the watch on someone's wrist connecting to typical example would be the watch on someone's wrist connecting to
the phone in their pocket. the phone in their pocket.
( Taking notes: ( Taking notes:
( David' is here. His watch is ( David' is here. His watch is
( talking to his phone ( talking to his phone
~~~~~~~~~~~ ~~~~~~~~~~~
o o
___ o ___ ___ o ___
/ \ _|___|_ / \ _|___|_
| | |* *| | | client |* *|
\_/ \_/ \_/ \_/
| _/ | | _/ |
/|\ // /|\ /|\ // /|\
/ | \__/ ^ / | \ / | \__/ ^ / | \
/ |__ | Discovery / | \ / |__ | Discovery / | \
/ |\ \ v / | \ / |\ \ v / | \
/ \\_\ / \ / \\_\ / \
/ \ / \ / \ server / \
/ \ / \ / \ / \
/ \ / \ / \ / \
/ \ / \ / \ / \
David Adversary
This third scenario is in many ways similar to the second scenario. This third scenario is in many ways similar to the second scenario.
It involves two devices, one acting as server and the other acting as It involves two devices, one acting as server and the other acting as
client, and it leads to the same requirement that the discovery client, and it leads to the same requirement of the discovery traffic
traffic not disclose the identity of either the client or the server. not disclosing the identity of either the client or the server. The
The main difference is that the devices are managed by a single main difference is that the devices are managed by a single owner,
owner, which can lead to different methods for establishing secure which can lead to different methods for establishing secure relations
relations between the device. There is also an added emphasis in between the devices. There is also an added emphasis on hiding the
hiding the type of devices that the person wears. type of devices that the person wears.
In addition to tracking the identity of the owner of the devices, the In addition to tracking the identity of the owner of the devices, the
adversary is interested by the characteristics of the devices, such adversary is interested in the characteristics of the devices, such
as type, brand, and model. Identifying the type of device can lead as type, brand, and model. Identifying the type of device can lead
to further attacks, from theft to device specific hacking. The to further attacks, from theft to device specific hacking. The
combination of devices worn by the same person will also provide a combination of devices worn by the same person will also provide a
"fingerprint" of the person, allowing identification. "fingerprint" of the person, allowing identification.
3. DNS-SD Privacy Considerations 3.2. DNS-SD Privacy Considerations
The discovery scenarios in Section Section 2 illustrate three While the discovery process illustrated in the scenarios in Section 2
separate abstract privacy requirements that vary based on the use most likely would be based on [RFC6762] as a means for making service
case: information available, this document considers all kinds of means for
making DNS-SD resource records available. These means comprise but
are not limited to mDNS [RFC6762], DNS servers ([RFC1033] [RFC1034],
[RFC1035]), e.g. using SRP [I-D.ietf-dnssd-srp], and multi-link
[RFC7558] networks.
The discovery scenarios in Section 3.1 illustrate three separate
abstract privacy requirements that vary based on the use case. These
are not limited to mDNS.
1. Client identity privacy: Client identities are not leaked during 1. Client identity privacy: Client identities are not leaked during
service discovery or use. service discovery or use.
2. Multi-owner, mutual client and server identity privacy: Neither 2. Multi-entity, mutual client and server identity privacy: Neither
client nor server identities are leaked during service discovery client nor server identities are leaked during service discovery
or use. or use.
3. Single-owner, mutual client and server identity privacy: 3. Single-entity, mutual client and server identity privacy:
Identities of clients and servers owned and managed by the same Identities of clients and servers owned and managed by the same
application, device, or user are not leaked during service legal person are not leaked during service discovery or use.
discovery or use.
In the this section, we describe aspects of DNS-SD that make these In this section, we describe aspects of DNS-SD that make these
requirements difficult to achieve in practice. requirements difficult to achieve in practice.
Client identity privacy, if not addressed properly, can be thwarted
by a passive attacker (see Section 2). The type of passive attacker
necessary depends on the means of making service information
available. Information conveyed via multicast messages can be
obtained by an on-link attacker, while unicast messages are only
available to MITM attackers. Using multi-link service discovery
solutions [RFC7558], external attackers have to be taken into
consideration as well, e.g., when relaying multicast messages to
other links.
Server identity privacy can be thwarted by a passive attacker in the
same way as client identity privacy. Additionally, active attackers
querying for information have to be taken into consideration as well.
This is mainly relevant for unicast based discovery, where listening
to discovery traffic requires a MITM attacker; however, an external
active attacker might be able to learn the server identity by just
querying for service information, e.g. via DNS.
3.2.1. Information made available via DNS-SD Resource Records
DNS-Based Service Discovery (DNS-SD) is defined in [RFC6763]. It DNS-Based Service Discovery (DNS-SD) is defined in [RFC6763]. It
allows nodes to publish the availability of an instance of a service allows nodes to publish the availability of an instance of a service
by inserting specific records in the DNS ([RFC1033], [RFC1034], by inserting specific records in the DNS ([RFC1033], [RFC1034],
[RFC1035]) or by publishing these records locally using multicast DNS [RFC1035]) or by publishing these records locally using multicast DNS
(mDNS) [RFC6762]. Available services are described using three types (mDNS) [RFC6762]. Available services are described using three types
of records: of records:
PTR Record: Associates a service type in the domain with an PTR Record: Associates a service type in the domain with an
"instance" name of this service type. "instance" name of this service type.
SRV Record: Provides the node name, port number, priority and weight SRV Record: Provides the node name, port number, priority and weight
associated with the service instance, in conformance with associated with the service instance, in conformance with
[RFC2782]. [RFC2782].
TXT Record: Provides a set of attribute-value pairs describing TXT Record: Provides a set of attribute-value pairs describing
specific properties of the service instance. specific properties of the service instance.
3.1. Privacy Implication of Publishing Service Instance Names 3.2.2. Privacy Implication of Publishing Service Instance Names
In the first phase of discovery, clients obtain all PTR records In the first phase of discovery, clients obtain all PTR records
associated with a service type in a given naming domain. Each PTR associated with a service type in a given naming domain. Each PTR
record contains a Service Instance Name defined in Section 4 of record contains a Service Instance Name defined in Section 4 of
[RFC6763]: [RFC6763]:
Service Instance Name = <Instance> . <Service> . <Domain> Service Instance Name = <Instance> . <Service> . <Domain>
The <Instance> portion of the Service Instance Name is meant to The <Instance> portion of the Service Instance Name is meant to
convey enough information for users of discovery clients to easily convey enough information for users of discovery clients to easily
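Review bot: In the new Section 2 threat model, the "on-link" entry says "thus, the external attacker is in the same multicast domain", which contradicts the "external" entry directly above it; this should read "the on-link attacker". The new opening paragraph of 3.2 still refers to "the scenarios in Section 2", but after the restructuring the scenarios are in Section 3.1 and Section 2 is the threat model, so that cross-reference is stale. Smaller items in the added text: "entitiy" and "identiy" in the Terminology entries are misspelled, and "([RFC1033] [RFC1034], [RFC1035])" is missing a comma after the first citation.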
skipping to change at page 8, line 21 skipping to change at page 9, line 45
Alice will see the list on her phone and understand intuitively that Alice will see the list on her phone and understand intuitively that
she should pick the first item. The discovery will "just work". she should pick the first item. The discovery will "just work".
However, DNS-SD/mDNS will reveal to anybody that Alice is currently However, DNS-SD/mDNS will reveal to anybody that Alice is currently
visiting the Internet Cafe. It further discloses the fact that she visiting the Internet Cafe. It further discloses the fact that she
uses two devices, shares an image store, and uses a chat application uses two devices, shares an image store, and uses a chat application
supporting the _presence protocol on both of her devices. She might supporting the _presence protocol on both of her devices. She might
currently chat with Bob or Carol, as they are also using a _presence currently chat with Bob or Carol, as they are also using a _presence
supporting chat application. This information is not just available supporting chat application. This information is not just available
to devices actively browsing for and offering services, but to to devices actively browsing for and offering services, but to
anybody passively listening to the network traffic. anybody passively listening to the network traffic, i.e. a passive
on-link attacker.
3.2. Privacy Implication of Publishing Node Names 3.2.3. Privacy Implication of Publishing Node Names
The SRV records contain the DNS name of the node publishing the The SRV records contain the DNS name of the node publishing the
service. Typical implementations construct this DNS name by service. Typical implementations construct this DNS name by
concatenating the "host name" of the node with the name of the local concatenating the "host name" of the node with the name of the local
domain. The privacy implications of this practice are reviewed in domain. The privacy implications of this practice are reviewed in
[RFC8117]. Depending on naming practices, the host name is either a [RFC8117]. Depending on naming practices, the host name is either a
strong identifier of the device, or at a minimum a partial strong identifier of the device, or at a minimum a partial
identifier. It enables tracking of both the device, and, by identifier. It enables tracking of both the device, and, by
extension, the device's owner. extension, the device's owner.
3.3. Privacy Implication of Publishing Service Attributes 3.2.4. Privacy Implication of Publishing Service Attributes
The TXT record's attribute-value pairs contain information on the The TXT record's attribute-value pairs contain information on the
characteristics of the corresponding service instance. This in turn characteristics of the corresponding service instance. This in turn
reveals information about the devices that publish services. The reveals information about the devices that publish services. The
amount of information varies widely with the particular service and amount of information varies widely with the particular service and
its implementation: its implementation:
o Some attributes like the paper size available in a printer, are o Some attributes like the paper size available in a printer, are
the same on many devices, and thus only provide limited the same on many devices, and thus only provide limited
information to a tracker. information to a tracker.
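Review bot: The clause added at the end of 3.2.2, "i.e. a passive on-link attacker", narrows the observer more than the rest of this revision does. The new text in 3.2 says that multi-link relaying brings external attackers into scope and that unicast publication exposes records to MITM attackers or to an external attacker who simply queries. Suggest "e.g. a passive on-link attacker in the mDNS case", so the sentence does not read as naming the only attacker able to see instance names.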
skipping to change at page 9, line 15 skipping to change at page 10, line 39
Information contained in TXT records does not only breach privacy by Information contained in TXT records does not only breach privacy by
making devices trackable, but might directly contain private making devices trackable, but might directly contain private
information about the user. For instance the _presence service information about the user. For instance the _presence service
reveals the "chat status" to everyone in the same network. Users reveals the "chat status" to everyone in the same network. Users
might not be aware of that. might not be aware of that.
Further, TXT records often contain version information about services Further, TXT records often contain version information about services
allowing potential attackers to identify devices running exploit- allowing potential attackers to identify devices running exploit-
prone versions of a certain service. prone versions of a certain service.
3.4. Device Fingerprinting 3.2.5. Device Fingerprinting
The combination of information published in DNS-SD has the potential The combination of information published in DNS-SD has the potential
to provide a "fingerprint" of a specific device. Such information to provide a "fingerprint" of a specific device. Such information
includes: includes:
o List of services published by the device, which can be retrieved o List of services published by the device, which can be retrieved
because the SRV records will point to the same host name. because the SRV records will point to the same host name.
o Specific attributes describing these services. o Specific attributes describing these services.
skipping to change at page 9, line 37 skipping to change at page 11, line 14
o Priority and weight attributes in the SRV records. o Priority and weight attributes in the SRV records.
This combination of services and attributes will often be sufficient This combination of services and attributes will often be sufficient
to identify the version of the software running on a device. If a to identify the version of the software running on a device. If a
device publishes many services with rich sets of attributes, the device publishes many services with rich sets of attributes, the
combination may be sufficient to identify the specific device. combination may be sufficient to identify the specific device.
A sometimes heard argument is that devices providing services can be A sometimes heard argument is that devices providing services can be
identified by observing the local traffic, and that trying to hide identified by observing the local traffic, and that trying to hide
the presence of the service is futile. This argument, however, does the presence of the service is futile. However,
not carry much weight because
1. Proving privacy at the discovery layer is of the essence for 1. Providing privacy at the discovery layer is of the essence for
enabling automatically configured privacy-preserving network enabling automatically configured privacy-preserving network
applications. Application layer protocols are not forced to applications. Application layer protocols are not forced to
leverage the offered privacy, but if device tracking is not leverage the offered privacy, but if device tracking is not
prevented at the deeper layers, including the service discovery prevented at the deeper layers, including the service discovery
layer, obfuscating a certain service's protocol at the layer, obfuscating a certain service's protocol at the
application layer is futile. application layer is futile.
2. Further, even if the application layer does not protect privacy, 2. Further, in the case of mDNS based discovery, even if the
it is hard to record and analyse the unicast traffic (which most application layer does not protect privacy, typically services
applications will generate) compared to just listening to the are provided via unicast which requires a MITM attacker, while
multicast messages sent by DNS-SD/mDNS. identifying services based on multicast discovery messages just
requires an on-link attacker.
The same argument can be extended to say that the pattern of services The same argument can be extended to say that the pattern of services
offered by a device allows for fingerprinting the device. This may offered by a device allows for fingerprinting the device. This may
or may not be true, since we can expect that services will be or may not be true, since we can expect that services will be
designed or updated to avoid leaking fingerprints. In any case, the designed or updated to avoid leaking fingerprints. In any case, the
design of the discovery service should avoid making a bad situation design of the discovery service should avoid making a bad situation
worse, and should as much as possible avoid providing new worse, and should as much as possible avoid providing new
fingerprinting information. fingerprinting information.
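Review bot: in the rewritten item 2, "requires a MITM attacker" is stronger than the argument needs, and the abbreviation is never expanded. Observing unicast traffic takes an on-path position, not necessarily an active man-in-the-middle, so "requires an on-path attacker" would contrast more precisely with the "on-link attacker" later in the same sentence. The new lead-in "However," also no longer states a conclusion now that "does not carry much weight because" has been dropped, so the numbered list hangs off an incomplete sentence. "mDNS based" should be hyphenated.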
3.5. Privacy Implication of Discovering Services 3.2.6. Privacy Implication of Discovering Services
The consumers of services engage in discovery, and in doing so reveal The consumers of services engage in discovery, and in doing so reveal
some information such as the list of services they are interested in some information such as the list of services they are interested in
and the domains in which they are looking for the services. When the and the domains in which they are looking for the services. When the
clients select specific instances of services, they reveal their clients select specific instances of services, they reveal their
preference for these instances. This can be benign if the service preference for these instances. This can be benign if the service
type is very common, but it could be more problematic for sensitive type is very common, but it could be more problematic for sensitive
services, such as for example some private messaging services. services, such as for example some private messaging services.
One way to protect clients would be to somehow encrypt the requested One way to protect clients would be to somehow encrypt the requested
service types. Of course, just as we noted in Section 3.4, traffic service types. Of course, just as we noted in Section 3.2.5, traffic
analysis can often reveal the service. analysis can often reveal the service.
4. Security Considerations 3.3. Security Considerations
For each of the operations described above, we must also consider For each of the operations described above, we must also consider
security threats we are concerned about. security threats we are concerned about.
4.1. Authenticity, Integrity & Freshness 3.3.1. Authenticity, Integrity & Freshness
Can we trust the information we receive? Has it been modified in Can we trust the information we receive? Has it been modified in
flight by an adversary? Do we trust the source of the information? flight by an adversary? Do we trust the source of the information?
Is the source of information fresh, i.e., not replayed? Freshness Is the source of information fresh, i.e., not replayed? Freshness
may or may not be required depending on whether the discovery process may or may not be required depending on whether the discovery process
is meant to be online. In some cases, publishing discovery is meant to be online. In some cases, publishing discovery
information to a shared directory or registry, rather than to each information to a shared directory or registry, rather than to each
online recipient through a broadcast channel, may suffice. online recipient through a broadcast channel, may suffice.
4.2. Confidentiality 3.3.2. Confidentiality
Confidentiality is about restricting information access to only Confidentiality is about restricting information access to only
authorized individuals. Ideally this should only be the appropriate authorized individuals. Ideally this should only be the appropriate
trusted parties, though it can be challenging to define who are "the trusted parties, though it can be challenging to define who are "the
appropriate trusted parties." In some uses cases, this may mean that appropriate trusted parties." In some uses cases, this may mean that
only mutually authenticated and trusting clients and servers can read only mutually authenticated and trusting clients and servers can read
messages sent for one another. The "Discover" operation in messages sent for one another. The "Discover" operation in
particular is often used to discover new entities that the device did particular is often used to discover new entities that the device did
not previously know about. It may be tricky to work out how a device not previously know about. It may be tricky to work out how a device
can have an established trust relationship with a new entity it has can have an established trust relationship with a new entity it has
never previously communicated with. never previously communicated with.
4.3. Resistance to Dictionary Attacks 3.3.3. Resistance to Dictionary Attacks
It can be tempting to use (publicly computable) hash functions to It can be tempting to use (publicly computable) hash functions to
obscure sensitive identifiers. This transforms a sensitive unique obscure sensitive identifiers. This transforms a sensitive unique
identifier such as an email address into a "scrambled" (but still identifier such as an email address into a "scrambled" but still
unique) identifier. Unfortunately simple solutions may be vulnerable unique identifier. Unfortunately simple solutions may be vulnerable
to offline dictionary attacks. to offline dictionary attacks.
4.4. Resistance to Denial-of-Service Attacks 3.3.4. Resistance to Denial-of-Service Attacks
In any protocol where the receiver of messages has to perform In any protocol where the receiver of messages has to perform
cryptographic operations on those messages, there is a risk of a cryptographic operations on those messages, there is a risk of a
brute-force flooding attack causing the receiver to expend excessive brute-force flooding attack causing the receiver to expend excessive
amounts of CPU time (and battery power) just processing and amounts of CPU time and, where appliciable, battery power just
discarding those messages. processing and discarding those messages.
4.5. Resistance to Sender Impersonation Also, amplification attacks have to be taken into consideration.
Messages with larger payloads should only be sent as an answer to a
query sent by a verified client.
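Review bot: "appliciable" in the reworded first paragraph of 3.3.4 is a typo for "applicable". The added amplification paragraph says larger payloads "should only be sent as an answer to a query sent by a verified client", but nothing in the visible text defines what makes a client "verified", and the matching requirement in 4.3 is worded as "amplification attacks MUST NOT be allowed". Suggest either defining the verification step or pointing forward to 4.3 so the lowercase "should" here is not read as a weaker rule.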
3.3.5. Resistance to Sender Impersonation
Sender impersonation is an attack wherein messages such as service Sender impersonation is an attack wherein messages such as service
offers are forged by entities who do not possess the corresponding offers are forged by entities who do not possess the corresponding
secret key material. These attacks may be used to learn the identity secret key material. These attacks may be used to learn the identity
of a communicating party, actively or passively. of a communicating party, actively or passively.
4.6. Sender Deniability 3.3.6. Sender Deniability
Deniability of sender activity, e.g., of broadcasting a discovery Deniability of sender activity, e.g., of broadcasting a discovery
request, may be desirable or necessary in some use cases. This request, may be desirable or necessary in some use cases. This
property ensures that eavesdroppers cannot prove senders issued a property ensures that eavesdroppers cannot prove senders issued a
specific message destined for one or more peers. specific message destined for one or more peers.
5. Operational Considerations 3.4. Operational Considerations
5.1. Power Management 3.4.1. Power Management
Many modern devices, especially battery-powered devices, use power Many modern devices, especially battery-powered devices, use power
management techniques to conserve energy. One such technique is for management techniques to conserve energy. One such technique is for
a device to transfer information about itself to a proxy, which will a device to transfer information about itself to a proxy, which will
act on behalf of the device for some functions, while the device act on behalf of the device for some functions, while the device
itself goes to sleep to reduce power consumption. When the proxy itself goes to sleep to reduce power consumption. When the proxy
determines that some action is required which only the device itself determines that some action is required which only the device itself
can perform, the proxy may have some way (such as Ethernet "Magic can perform, the proxy may have some way, such as Ethernet "Magic
Packet") to wake the device. Packet", to wake the device.
In many cases, the device may not trust the network proxy In many cases, the device may not trust the network proxy
sufficiently to share all its confidential key material with the sufficiently to share all its confidential key material with the
proxy. This poses challenges for combining private discovery that proxy. This poses challenges for combining private discovery that
relies on per-query cryptographic operations, with energy-saving relies on per-query cryptographic operations, with energy-saving
techniques that rely on having (somewhat untrusted) network proxies techniques that rely on having (somewhat untrusted) network proxies
answer queries on behalf of sleeping devices. answer queries on behalf of sleeping devices.
5.2. Protocol Efficiency 3.4.2. Protocol Efficiency
Creating a discovery protocol that has the desired security Creating a discovery protocol that has the desired security
properties may result in a design that is not efficient. To perform properties may result in a design that is not efficient. To perform
the necessary operations the protocol may need to send and receive a the necessary operations the protocol may need to send and receive a
large number of network packets. This may consume an unreasonable large number of network packets. This may consume an unreasonable
amount of network capacity (particularly problematic when it's shared amount of network capacity, particularly problematic when it is a
wireless spectrum), cause an unnecessary level of power consumption shared wireless spectrum. Further it may cause an unnecessary level
(particularly problematic on battery devices) and may result in the of power consumption which is particularly problematic on battery
discovery process being slow. devices, and may result in the discovery process being slow.
It is a difficult challenge to design a discovery protocol that has It is a difficult challenge to design a discovery protocol that has
the property of obscuring the details of what it is doing from the property of obscuring the details of what it is doing from
unauthorized observers, while also managing to do that efficiently. unauthorized observers, while also managing to do that efficiently.
5.3. Secure Initialization and Trust Models 3.4.3. Secure Initialization and Trust Models
One of the challenges implicit in the preceding discussions is that One of the challenges implicit in the preceding discussions is that
whenever we discuss "trusted entities" versus "untrusted entities", whenever we discuss "trusted entities" versus "untrusted entities",
there needs to be some way that trust is initially established, to there needs to be some way that trust is initially established, to
convert an "untrusted entity" into a "trusted entity". convert an "untrusted entity" into a "trusted entity".
One way to establish trust between two entities is to trust a third One way to establish trust between two entities is to trust a third
party to make that determination for us. For example, the X.509 party to make that determination for us. For example, the X.509
certificates used by TLS and HTTPS web browsing are based on the certificates used by TLS and HTTPS web browsing are based on the
model of trusting a third party to tell us whom to trust. There are model of trusting a third party to tell us whom to trust. There are
skipping to change at page 13, line 20 skipping to change at page 14, line 48
Schnorr Non-interactive Zero-Knowledge Proof [RFC8235]. Schnorr Non-interactive Zero-Knowledge Proof [RFC8235].
Such techniques require a user to enter the correct passphrase or PIN Such techniques require a user to enter the correct passphrase or PIN
in order for the cryptographic algorithms to establish working in order for the cryptographic algorithms to establish working
communication. This avoids the human tendency to simply press the communication. This avoids the human tendency to simply press the
"OK" button when asked if they want to do something on their "OK" button when asked if they want to do something on their
electronic device. It removes the human fallibility element from the electronic device. It removes the human fallibility element from the
equation, and avoids the human users inadvertently sabotaging their equation, and avoids the human users inadvertently sabotaging their
own security. own security.
Using these techniques, if a user tries to print their tax return on Without these techniques, users who try to print their tax return on
a printer they've never used before (even though the name looks a printer they've never used before will be tempted to just go ahead
right) they'll be prompted to enter a pairing PIN, and the user if the name looks right. With these techniques they'll be prompted
*cannot* ignore that warning. They can't just press an "OK" button. to enter a pairing PIN, and *cannot* ignore that warning. They can't
They have to walk to the printer and read the displayed PIN and enter just press an "OK" button. They have to walk to the printer and read
it. And if the intended printer is not displaying a pairing PIN, or the displayed PIN and enter it. And if the intended printer is not
is displaying a different pairing PIN, that means the user may be displaying a pairing PIN, or is displaying a different pairing PIN,
being spoofed, and the connection will not succeed, and the failure that means the user may be being spoofed, and the connection will not
will not reveal any secret information to the attacker. As much as succeed, and the failure will not reveal any secret information to
the human desires to "just give me an OK button to make it print" the attacker. As much as the human desires to "just give me an OK
(and the attacker desires them to click that OK button too) the button to make it print", and the attacker desires them to click that
cryptographic algorithms do not give the user the ability to opt out OK button, too, the cryptographic algorithms do not give the user the
of the security, and consequently do not give the attacker any way to ability to opt out of the security, and consequently do not give the
persuade the user to opt out of the security protections. attacker any way to persuade the user to opt out of the security
protections.
5.4. External Dependencies 3.4.4. External Dependencies
Trust establishment may depend on external, and optionally online, Trust establishment may depend on external, and optionally online,
parties. Systems which have such a dependency may be attacked by parties. Systems which have such a dependency may be attacked by
interfering with communication to external dependencies. Where interfering with communication to external dependencies. Where
possible, such dependencies should be minimized. Local trust models possible, such dependencies should be minimized. Local trust models
are best for secure initialization in the presence of active are best for secure initialization in the presence of active
attackers. attackers.
6. Requirements for a DNS-SD Privacy Extension 4. Requirements for a DNS-SD Privacy Extension
Given the considerations discussed in the previous sections, we state Given the considerations discussed in the previous sections, we state
requirements for privacy preserving DNS-SD in the following requirements for privacy preserving DNS-SD in the following
subsections. subsections.
Defining a solution according to these requirements will lead to a Defining a solution according to these requirements will lead to a
solution that does not transmit privacy violating DNS-SD messages and solution that does not transmit privacy violating DNS-SD messages and
further does not open pathways to new attacks against the operation further does not open pathways to new attacks against the operation
of DNS-SD. However, while this document gives advice on which of DNS-SD.
privacy protecting mechanisms should be used on deeper layer network
protocols and on how to actually connect to services in a privacy
preserving way, stating corresponding requirements is out of the
scope of this document.
6.1. Private Client requirements However, while this document gives advice on which privacy protecting
mechanisms should be used on deeper layer network protocols and on
how to actually connect to services in a privacy preserving way,
stating corresponding requirements is out of the scope of this
document. To mitigate attacks against privacy on lower layers, both
servers and clients must use privacy options available at lower
layers, and for example avoid publishing static IPv4 or IPv6
addresses, or static IEEE 802 MAC addresses. For services advertised
on a single network link, link local IP addresses should be used; see
[RFC3927] and [RFC4291] for IPv4 and IPv6, respectively. Static
servers advertising services globally via DNS can hide their IP
addresses from unauthorized clients using the split mode topology
shown in [I-D.ietf-tls-esni]. Hiding static MAC addresses can be
achieved via MAC address randomization (see [RFC7844]).
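Review bot: the added paragraph contradicts itself on normative status. It says stating requirements for lower layers "is out of the scope of this document" and, in the next sentence, that "both servers and clients must use privacy options available at lower layers". This text replaces old server requirement 2, which was an uppercase MUST, so the lowercase "must" reads as an unexplained downgrade. Either keep it as a numbered MUST in 4.1 and 4.2, or reword it as advice ("are expected to use"). "link local" should be "link-local".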
For all three scenarios described in Section 2, client privacy is a 4.1. Private Client Requirements
For all three scenarios described in Section 3.1, client privacy is a
requirement. Client privacy, as a requirement, can be subdivided requirement. Client privacy, as a requirement, can be subdivided
into: into:
1. DNS-SD messages transmitted by clients MUST NOT disclose the 1. DNS-SD messages transmitted by clients MUST NOT disclose the
client's identity, either directly or via inference, to nodes client's identity, either directly or via inference, to nodes
other than select servers. other than select servers.
2. DNS-SD messages transmitted by clients MUST NOT disclose the 1.
2. DNS-SD messages transmitted by clients MUST NOT contain linkable
identifiers that allow tracing client devices.
2.
3. DNS-SD messages transmitted by clients MUST NOT disclose the
client's interest in specific service instances or service types client's interest in specific service instances or service types
to nodes other than select servers. to nodes other than select servers.
3. DNS-SD messages transmitted by clients MUST NOT contain linkable 3.
identifiers that allow tracing client devices.
DNS-SD, without privacy protection, discloses both service instance Listing and resolving services via DNS-SD, clients typically disclose
names and the service types of the service instances a client is their interest in specific services types and specific instances of
interested in. Further, clients using DNS-SD disclose their host these types, respectively.
name and network parameters.
6.2. Private Server Requirements Privacy solutions fulfilling these requirements must be resilient to
fingerprinting attacks (see Section 3.2.5) that could be used for
breaching these requirements.
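Review bot: the new closing text of 4.1 drops the -02 sentence saying that clients using DNS-SD disclose their host name and network parameters, so requirements 1 and 2 (identity and linkable identifiers) no longer have a stated motivation; only requirement 3 is explained. Suggest keeping that sentence. "services types" should be "service types", the opening "Listing and resolving services via DNS-SD, clients typically disclose" reads better as "When listing and resolving ...", and the lowercase "must be resilient to fingerprinting attacks" should be either a numbered MUST or clearly non-normative.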
4.2. Private Server Requirements
Servers like the "printer" discussed in scenario 1 are public, but Servers like the "printer" discussed in scenario 1 are public, but
the servers discussed in scenarios 2 and 3 are by essence private. the servers discussed in scenarios 2 and 3 are by essence private.
Private servers have server privacy as a requirement, which can be Private servers have server privacy as a requirement, which can be
subdivided into: subdivided into:
1. Servers MUST neither publish static identifiers such as host 1. DNS-SD messages transmitted by servers MUST NOT disclose the
names or service names. When those fields are required by the server's identity, either directly or via inference, to nodes
protocol, servers should publish randomized values. (See other than authorized clients. In particular, Servers MUST NOT
[RFC8117] for a discussion of host names.). publish static identifiers such as host names or service names.
When those fields are required by the protocol, servers should
publish randomized values. (See [RFC8117] for a discussion of
host names.)
2. Servers MUST use privacy options available at lower layers, and 1.
for example avoid publishing static IPv4 or IPv6 addresses, or
static IEEE 802 MAC addresses.
3. Servers MUST NOT disclose service instance names of offered 2. DNS-SD messages transmitted by servers MUST NOT contain linkable
services to unauthorized clients. identifiers that allow tracing servers.
4. Servers MUST NOT disclose information about about the services 2.
they offer to unauthorized clients.
3. DNS-SD messages transmitted by servers MUST NOT disclose service
instance names or service types of offered services to
unauthorized clients.
3.
4. DNS-SD messages transmitted by servers MUST NOT disclose
information about the services they offer to unauthorized
clients.
4.
5. DNS-SD messages transmitted by servers MUST NOT disclose static
IPv4 or IPv6 addresses.
5.
Offering services via DNS-SD, servers typically disclose their Offering services via DNS-SD, servers typically disclose their
hostnames (SRV, A/AAAA), instance names of offered services (PRT, hostnames (SRV, A/AAAA), instance names of offered services (PRT,
SRV), and information about services (TXT). Heeding all three SRV), and information about services (TXT). Heeding these
service privacy requirements makes servers immune to fingerprinting requirements protects a server's privacy on the DNS-SD level.
attacks on the DNS-SD level.
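Review bot: "(PRT, SRV)" in the closing paragraph of 4.2 should read "(PTR, SRV)"; the typo is carried over unchanged from -02. In new requirement 1, "Servers MUST NOT publish static identifiers" is followed by a lowercase "should publish randomized values", which leaves it unclear whether randomization is normative, and "Servers" is capitalized mid-sentence. New requirement 5 keeps the static IPv4 or IPv6 address rule as a MUST NOT, while the IEEE 802 MAC address part of old requirement 2 is no longer in this list. Requirements 3 and 4 now overlap, since service types are already "information about the services they offer"; consider merging them or stating what 4 covers beyond 3 (for example TXT attributes).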
6.3. Security and Operation 4.3. Security and Operation
In order to be secure and feasible, a DNS-SD privacy extension must In order to be secure and feasible, a DNS-SD privacy extension must
also heed the following security and operational requirements. also heed the following security and operational requirements.
All scenarios require: All scenarios require:
1. DoS resistance: The privacy protecting measures added to DNS-SD 1. DoS resistance: The privacy protecting measures added to DNS-SD
MUST neither add a significant CPU overhead on nodes, nor cause MUST neither add a significant CPU overhead on nodes, nor cause
significantly higher network load. Further, amplification significantly higher network load. Further, amplification
attacks MUST NOT be allowed. attacks MUST NOT be allowed.
7. IANA Considerations 5. IANA Considerations
This draft does not require any IANA action. This draft does not require any IANA action.
8. Acknowledgments 6. Acknowledgments
This draft incorporates many contributions from Stuart Cheshire and This draft incorporates many contributions from Stuart Cheshire and
Chris Wood. Chris Wood. Thanks to Florian Adamsky for extensive review and
suggestions on the organization of the threat model.
9. Informative References 7. Informative References
[I-D.ietf-dnssd-srp]
Cheshire, S. and T. Lemon, "Service Registration Protocol
for DNS-Based Service Discovery", draft-ietf-dnssd-srp-02
(work in progress), July 2019.
[I-D.ietf-tls-esni]
Rescorla, E., Oku, K., Sullivan, N., and C. Wood,
"Encrypted Server Name Indication for TLS 1.3", draft-
ietf-tls-esni-05 (work in progress), November 2019.
[K17] Kaiser, D., "Efficient Privacy-Preserving [K17] Kaiser, D., "Efficient Privacy-Preserving
Configurationless Service Discovery Supporting Multi-Link Configurationless Service Discovery Supporting Multi-Link
Networks", 2017, Networks", 2017,
<http://nbn-resolving.de/urn:nbn:de:bsz:352-0-422757>. <http://nbn-resolving.de/urn:nbn:de:bsz:352-0-422757>.
[KW14a] Kaiser, D. and M. Waldvogel, "Adding Privacy to Multicast [KW14a] Kaiser, D. and M. Waldvogel, "Adding Privacy to Multicast
DNS Service Discovery", DOI 10.1109/TrustCom.2014.107, DNS Service Discovery", DOI 10.1109/TrustCom.2014.107,
2014, <http://ieeexplore.ieee.org/xpl/ 2014, <http://ieeexplore.ieee.org/xpl/
articleDetails.jsp?arnumber=7011331>. articleDetails.jsp?arnumber=7011331>.
skipping to change at page 16, line 27 skipping to change at page 19, line 10
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
specifying the location of services (DNS SRV)", RFC 2782, specifying the location of services (DNS SRV)", RFC 2782,
DOI 10.17487/RFC2782, February 2000, DOI 10.17487/RFC2782, February 2000,
<https://www.rfc-editor.org/info/rfc2782>. <https://www.rfc-editor.org/info/rfc2782>.
[RFC3927] Cheshire, S., Aboba, B., and E. Guttman, "Dynamic
Configuration of IPv4 Link-Local Addresses", RFC 3927,
DOI 10.17487/RFC3927, May 2005,
<https://www.rfc-editor.org/info/rfc3927>.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, DOI 10.17487/RFC4291, February
2006, <https://www.rfc-editor.org/info/rfc4291>.
[RFC5054] Taylor, D., Wu, T., Mavrogiannopoulos, N., and T. Perrin, [RFC5054] Taylor, D., Wu, T., Mavrogiannopoulos, N., and T. Perrin,
"Using the Secure Remote Password (SRP) Protocol for TLS "Using the Secure Remote Password (SRP) Protocol for TLS
Authentication", RFC 5054, DOI 10.17487/RFC5054, November Authentication", RFC 5054, DOI 10.17487/RFC5054, November
2007, <https://www.rfc-editor.org/info/rfc5054>. 2007, <https://www.rfc-editor.org/info/rfc5054>.
[RFC6762] Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762, [RFC6762] Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762,
DOI 10.17487/RFC6762, February 2013, DOI 10.17487/RFC6762, February 2013,
<https://www.rfc-editor.org/info/rfc6762>. <https://www.rfc-editor.org/info/rfc6762>.
[RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service [RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service
Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013, Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013,
<https://www.rfc-editor.org/info/rfc6763>. <https://www.rfc-editor.org/info/rfc6763>.
[RFC7558] Lynn, K., Cheshire, S., Blanchet, M., and D. Migault,
"Requirements for Scalable DNS-Based Service Discovery
(DNS-SD) / Multicast DNS (mDNS) Extensions", RFC 7558,
DOI 10.17487/RFC7558, July 2015,
<https://www.rfc-editor.org/info/rfc7558>.
[RFC7844] Huitema, C., Mrugalski, T., and S. Krishnan, "Anonymity
Profiles for DHCP Clients", RFC 7844,
DOI 10.17487/RFC7844, May 2016,
<https://www.rfc-editor.org/info/rfc7844>.
[RFC8117] Huitema, C., Thaler, D., and R. Winter, "Current Hostname [RFC8117] Huitema, C., Thaler, D., and R. Winter, "Current Hostname
Practice Considered Harmful", RFC 8117, Practice Considered Harmful", RFC 8117,
DOI 10.17487/RFC8117, March 2017, DOI 10.17487/RFC8117, March 2017,
<https://www.rfc-editor.org/info/rfc8117>. <https://www.rfc-editor.org/info/rfc8117>.
[RFC8235] Hao, F., Ed., "Schnorr Non-interactive Zero-Knowledge [RFC8235] Hao, F., Ed., "Schnorr Non-interactive Zero-Knowledge
Proof", RFC 8235, DOI 10.17487/RFC8235, September 2017, Proof", RFC 8235, DOI 10.17487/RFC8235, September 2017,
<https://www.rfc-editor.org/info/rfc8235>. <https://www.rfc-editor.org/info/rfc8235>.
[RFC8236] Hao, F., Ed., "J-PAKE: Password-Authenticated Key Exchange [RFC8236] Hao, F., Ed., "J-PAKE: Password-Authenticated Key Exchange
 End of changes. 74 change blocks. 
149 lines changed or deleted 307 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/