New ZeroConf Spec
Micah J. Cowan
micah at cowan.name
Thu Jul 20 21:18:52 BST 2006
On Thu, Jul 20, 2006 at 02:54:19PM +0200, Florian Zeitz wrote:
> To use the same paradigm as for E-Mail/IM/Web Browsing for zeroconf,
> zeroconf should be started as soon as a application wants to use it and
> stopped as soon as the application doesn't need it anymore. I don't know
> how feasible this is, but it's IMO the "right" solution.
> A probably easier to implement method is an option to enable/disable
> zeroconf support (probably going as far as providing a panel applet to
> toggle it).
zeroconf is a *completely* different beast from E-mail, IM, or Web
browsing. All of these /make/ connections, but don't receive them, and
certainly none of them blindly accept connections from any host that
chooses to speak with them. There is no inherent problem to firing up a
mail agent: the security problems have always been with once you
specifically read a malicious e-mail (I'm talking about MUAs here, not
MTAs). There is no inherent problem to firing up a web-browser: security
problems have always had to do with specifically viewing a particular
site.
With zeroconf, there are serious passive security issues. It should
/never/ be activated without explicit choice on the part of the user.
Now, that explicit choice /could/ be to say: allow all further request
for zeroconf without pestering me, but it still needs to be explicit (it
should never be set up that way by default.
--
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer...
http://micah.cowan.name/
More information about the ubuntu-devel
mailing list