New ZeroConf Spec

Andrew Jorgensen andrew.jorgensen at gmail.com
Sat Jul 22 18:34:57 BST 2006


> Exactly my point: Avahi over SSL with some keys-based security layer
> would make me feel a lot more comfortable.
> [...]
> Am I saying BS?

Well, yes.  That misses the whole point of mDNS.  That point being to
discover neighbors you don't know about, or at least to discover
neighbors (and services) without having to set anything up.  In a
corporate setting (or any other setting where you need some kind of
security) you don't use mDNS, you use its managed, potentially secure
brother DNSSD.  DNSSD uses the same kinds of queries except that
instead of asking the multicast domain you just ask the DNS server.
Then you can take advantage of all the security features of DNS.

Think of it as the difference between Ad-hoc wireless and managed
wireless.  There is less security in Ad-hoc (unless you add WPA to it
but let's not go there just yet) but there's a lot of convenience.  If
you want security you set up a managed access-point and use some
authentication.  If you just want to share a file with some other
folks in the room ad-hoc is going to be a lot easier (well, as long as
NetworkManager works for you, but again that's not the point).

Some kind of shared key might be nice if you wanted a little extra
security but when you start talking about that you're really talking
about redesigning mDNS so that it's something other than what it is.
That discussion doesn't belong here and doesn't help figure out what
to do for Edgy.
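
The point made above, that the managed variant asks the same kind of question of a DNS server instead of the multicast group, shown as an added example that is not part of the original message. The service `_ipp._tcp`, the domain `example.com`, the server address 192.0.2.53 and all function names are constructed for illustration; no packet is sent.

```python
import struct

MDNS_GROUP = ("224.0.0.251", 5353)     # well-known mDNS multicast group and port
UNICAST_SERVER = ("192.0.2.53", 53)    # constructed placeholder for a managed DNS server

TYPE_PTR, CLASS_IN = 12, 1

def encode_name(name):
    """Encode a dotted name as DNS length-prefixed labels."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_ptr_query(service, domain, qid=0, recursion_desired=False):
    """Build a one-question DNS query asking for PTR records of service.domain."""
    flags = 0x0100 if recursion_desired else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    question = encode_name(service + "." + domain) + struct.pack("!HH", TYPE_PTR, CLASS_IN)
    return header + question

def parse_question(packet):
    """Return (name, qtype, qclass) of the first question in a query."""
    pos, labels = 12, []
    while packet[pos]:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, qclass

def browse_plan(service, managed_domain):
    """Pair each browse query with the destination it would be sent to."""
    return [
        # Ad-hoc: anyone on the link may answer; query ID is 0 for multicast.
        (MDNS_GROUP, build_ptr_query(service, "local")),
        # Managed: one known server answers, so DNS-side controls apply.
        (UNICAST_SERVER, build_ptr_query(service, managed_domain, qid=0x1234,
                                         recursion_desired=True)),
    ]

if __name__ == "__main__":
    for dest, pkt in browse_plan("_ipp._tcp", "example.com"):
        print(dest, parse_question(pkt), pkt.hex())
```

Both packets carry a PTR/IN question in the same wire format; only the domain suffix, the header fields and the destination differ, which is where the trust model changes.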


