New ZeroConf Spec

Florian Zeitz Florian.Zeitz at gmx.de
Thu Jul 20 13:54:19 BST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Micah J. Cowan wrote:
> Everything feels quite safe, until it is exploited. Feeling of security
> in the absence of the real thing is far too common, and worse than
> having neither.
> 

This is a non-argument statement on its own, so let me help you out
with some reasoning:
Actually, using a networked computer you can never be really secure; even
if there are no open ports you could always be infected through
E-Mail/IM etc. Of course both open ports while in use, but they don't run
all the time, and that is the point. Windows is insecure by default.
Ubuntu should only be insecure for as short a time as possible and when
the user is more or less aware of it, because he started an application
that does use the network himself.
To use the same paradigm as for E-Mail/IM/Web Browsing for zeroconf,
zeroconf should be started as soon as an application wants to use it and
stopped as soon as the application doesn't need it anymore. I don't know
how feasible this is, but it's IMO the "right" solution.
A probably easier to implement method is an option to enable/disable
zeroconf support (probably going as far as providing a panel applet to
toggle it).

Note 1: insecure in this sense is potential insecurity: any application
may or may not have exploitable security holes, but as you can never
know, every (networking) application is insecure by definition.
Note 2: I know I didn't suggest anything new in the second part of my
mail. This is meant as a summary and personal thought about why to use
these options.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)

iD8DBQFEv3z70JXcdjR+9YQRAngoAJ9bcVn6CwhpypI6TrKtZ7bhmIp49wCeIo6C
26l52iptgoU7d8jl5T64Wfw=
=X1aa
-----END PGP SIGNATURE-----


