New ZeroConf Spec

Micah J. Cowan micah at
Thu Jul 20 21:18:52 BST 2006

On Thu, Jul 20, 2006 at 02:54:19PM +0200, Florian Zeitz wrote:

> To use the same paradigm as for E-Mail/IM/Web Browsing for zeroconf,
> zeroconf should be started as soon as a application wants to use it and
> stopped as soon as the application doesn't need it anymore. I don't know
> how feasible this is, but it's IMO the "right" solution.
> A probably easier to implement method is an option to enable/disable
> zeroconf support (probably going as far as providing a panel applet to
> toggle it).

zeroconf is a *completely* different beast from E-mail, IM, or Web
browsing. All of these /make/ connections, but don't receive them, and
certainly none of them blindly accept connections from any host that
chooses to speak with them. There is no inherent problem to firing up a
mail agent: the security problems have always been with once you
specifically read a malicious e-mail (I'm talking about MUAs here, not
MTAs). There is no inherent problem to firing up a web-browser: security
problems have always had to do with specifically viewing a particular

With zeroconf, there are serious passive security issues. It should
/never/ be activated without explicit choice on the part of the user.
Now, that explicit choice /could/ be to say: allow all further request
for zeroconf without pestering me, but it still needs to be explicit (it
should never be set up that way by default.

Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer...

More information about the ubuntu-devel mailing list