New ZeroConf Spec
dank at kegel.com
Sat Jul 22 23:41:16 BST 2006
On 7/22/06, Andrew Jorgensen <andrew.jorgensen at gmail.com> wrote:
> > And how about the suggestion in
> > http://www.watersprings.org/pub/id/draft-williams-zeroconf-security-00.txt
> > that IPSec would help?
> > http://www.securityfocus.com/infocus/1859 describes how to turn IPsec
> > on between two OpenBSD machines, and it doesn't sound too bad.
> > Could we set up Avahi to ignore any incoming packets that were not
> > protected by IPSec, but let every other service use plain old non-IPSec packets?
> > That might be easier than cobbling up an authentication method just for
> > Zeroconf.
> Probably not without a firewall to do that filtering for you... and
> setting up IPSec.
Yes. And I'm saying that's the kind of thing we'd have
to do (automatically, behind the scenes) to make it
safe to deploy Avahi.
More information about the ubuntu-devel