New ZeroConf Spec

Florian Zeitz Florian.Zeitz at gmx.de
Fri Jul 21 14:56:00 BST 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hervé Fache wrote:
> An example that comes to my mind, please correct if I am wrong, is
> printers. A rogue machine could advertise a printer, and you decide to
> use it. You then end up printing your confidential document on your 15
> years old neighbour's printer...
> 
> A machine could pretend being a router, and you end up having all your
> data going through your 15 years old neighbour's father who is trying
> to get your banking card details.
> 
Both cases are possible, but won't really happen IMHO.
1. Why would your neighbors PC be on the same network as yours?
2. Why would you print to a printer of which you don't know the
location, didn't know it existed, that is connected to an unknown PC?
3. Why would a unexperienced user configure routing?
4. Why would a experienced user use a router he doesn't know?

> DNS is why I am interested in ZeroConf. Again, what happens if the
> machine you know as, say, 'Everest', is down, and your neighbour's
> wife machine is intentionally (or not?) called Everest too, and on the
> same network?
> 
Most probably there will be a machine called Everest shown in your
network. But why would your neighbors do that and especially why are
they in your network in the first place? This would probably already
possible if they set up a DHCP/DNS server.

> I now stand corrected about the fact that the networks meant for local
> use are also used for non-local stuff in Australia, so really, how to
> make sure that a service advertised is indeed local to YOUR house?
> Encryption comes to my mind, more complicated, but a lot safer. Is it
> possible to use an SSL layer or something with ZeroConf?
> 
Use a router/firewall? And don't use WLAN especially not unencrypted. If
you don't accept incoming traffic how would anybody send data to a
service in your house?

Somehow all the posts and scenarios on the mailing list question my
understanding of the way networks work. Regardless if you have zeroconf
or not, the service in your local network will be equally available, it
may just be easier to discover. So if their is a risk of a unallowed
person using it, it is already present it would just be made a little
bit higher with zeroconf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)

iD8DBQFEwNzw0JXcdjR+9YQRAptEAKClcNk2SbhzagKkflU/729NoQFJkwCfaG8S
fHaoxblNVhpEr1wUR37gdu0=
=o85k
-----END PGP SIGNATURE-----

More information about the ubuntu-devel mailing list