Are we introducing a privacy concern by using multicast?
If any server can effectively turn on this reporting, and get all the hosts to
multicast this info, have we just created a new passive discovery attack?
First of all, the vast majority of switches out there do not have MLD snooping enabled. So your passive discovery attack is possible already because of DAD (we discussed exactly that in the Security Considerations section of RFC9131). If the network has MLD snooping enabled - then an attacker can join the 'all routers' group and still see GRAND (RFC9131) packets as well. If the attacker joins the 'all DHCP servers' group, they see all DHCP traffic from the client, in which case all DHCP addresses are revealed anyway. IMHO if the network administrator wishes to hide addresses used by other clients, the network shall provide complete p2p isolation.
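The two cases the reply contrasts (no MLD snooping: the switch floods multicast to every port; snooping on: only ports that sent an MLD Report for the group receive it, so a host that joins the well-known all-routers or all-DHCP-servers group still receives that traffic) modelled as a small forwarding table, plus a defender-side check that lists which ports joined those infrastructure groups without being a known router or DHCP server. This is an added illustration, not code from the thread; the switch, ports, membership reports and the "expected" role assignments are constructed sample data.

```python
# Added example (not from the email thread): toy model of a switch's
# MLD-snooping forwarding table and a check for unexpected members of
# the all-routers (ff02::2) and All_DHCP_Relay_Agents_and_Servers
# (ff02::1:2) groups. Ports, hosts and memberships are constructed.
from ipaddress import IPv6Address

ALL_ROUTERS = IPv6Address("ff02::2")
ALL_DHCP_SERVERS = IPv6Address("ff02::1:2")
INFRA_GROUPS = {ALL_ROUTERS: "router", ALL_DHCP_SERVERS: "dhcp-server"}


class SnoopingSwitch:
    def __init__(self, ports, snooping):
        self.ports = set(ports)   # every host-facing port on the switch
        self.snooping = snooping
        self.members = {}         # group -> ports that sent an MLD Report

    def mld_report(self, port, group):
        """Record that `port` joined `group` (what MLD snooping learns)."""
        self.members.setdefault(IPv6Address(group), set()).add(port)

    def deliver(self, src_port, group):
        """Ports that receive a packet sent by src_port to `group`."""
        if not self.snooping:     # no snooping: flooded to every other port
            return self.ports - {src_port}
        return self.members.get(IPv6Address(group), set()) - {src_port}


def unexpected_infra_joiners(switch, expected):
    """(port, group) pairs that joined an infrastructure group without
    being on the expected list for that role (constructed allowlist)."""
    findings = []
    for group, role in INFRA_GROUPS.items():
        for port in sorted(switch.members.get(group, set())):
            if port not in expected.get(role, set()):
                findings.append((port, str(group)))
    return findings


def build_scenario(snooping):
    """Constructed sample: p1 is the router, p2 the DHCP server, p3 a
    client, p9 a host that joined both infrastructure groups."""
    sw = SnoopingSwitch(["p1", "p2", "p3", "p9"], snooping)
    sw.mld_report("p1", "ff02::2")
    sw.mld_report("p2", "ff02::1:2")
    sw.mld_report("p9", "ff02::2")
    sw.mld_report("p9", "ff02::1:2")
    return sw


EXPECTED_ROLES = {"router": {"p1"}, "dhcp-server": {"p2"}}
```

With snooping off, a client's DHCPv6 Solicit from p3 reaches every port; with snooping on it still reaches p9, which is exactly what the membership check is meant to surface.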