New ZeroConf Spec
Sam Tygier
samtygier at yahoo.co.uk
Fri Jul 21 19:32:24 BST 2006
Hervé Fache wrote:
> An example that comes to my mind, please correct if I am wrong, is
> printers. A rogue machine could advertise a printer, and you decide to
> use it. You then end up printing your confidential document on your 15
> years old neighbour's printer...
>
> A machine could pretend being a router, and you end up having all your
> data going through your 15 years old neighbour's father who is trying
> to get your banking card details.
>
> DNS is why I am interested in ZeroConf. Again, what happens if the
> machine you know as, say, 'Everest', is down, and your neighbour's
> wife machine is intentionally (or not?) called Everest too, and on the
> same network?
>
> I now stand corrected about the fact that the networks meant for local
> use are also used for non-local stuff in Australia, so really, how to
> make sure that a service advertised is indeed local to YOUR house?
> Encryption comes to my mind, more complicated, but a lot safer. Is it
> possible to use an SSL layer or something with ZeroConf?
>
> Please correct me if I missed the point(s).
> Hervé.
If you previously identified these printers, file servers etc by IP
address, then how do you know that someone has not connected to the
network with their IP?
Your application layer need to support some sort of checking identification.
I use avahi to locate a server on a network, and log in with ssh. if someone
has spoffed the name then ssh would warn me.
sam tygier
___________________________________________________________
Try the all-new Yahoo! Mail. "The New Version is radically easier to use" – The Wall Street Journal
http://uk.docs.yahoo.com/nowyoucan.html
More information about the ubuntu-devel
mailing list