New ZeroConf Spec

Dan Kegel dank at kegel.com
Sat Jul 22 15:24:23 BST 2006


On 7/22/06, Hervé Fache <Herve at lucidia.net> wrote:
> Exactly my point: Avahi over SSL with some keys-based security layer
> would make me feel a lot more comfortable.
>
> But it is possible/easy enough on on peer-to-peer type of network
> service? Every machine would need to be given the public keys of all
> the other trusted machines on the network, in a secure way (USB
> key/floppy) AIUI.

How about having a "network password" which was known to all
authorized machines, and is used to validate all incoming avahi packets.
Sure, it's bad security, but maybe it's better than no security.
We'd have to make it easy to retrieve if the user forgot it,
which makes the security even worse.  For instance, we could
save it in a noisy image of the sort used by CAPTCHA filters,
and show that image on request.    It's total crap, but better than nothing.

And how about the suggestion in
http://www.watersprings.org/pub/id/draft-williams-zeroconf-security-00.txt
that IPSec would help?
http://www.securityfocus.com/infocus/1859 describes how to turn IPsec
on between two OpenBSD machines, and it doesn't sound too bad.
Could we set up Avahi to ignore any incoming packets that were not
protected by IPSec, but let every other service use plain old non-IPSec packets?
That might be easier than cobbling up an authentication method just for
Zeroconf.
- Dan



More information about the ubuntu-devel mailing list