New ZeroConf Spec
Dan Kegel
dank at kegel.com
Sat Jul 22 23:41:16 BST 2006
On 7/22/06, Andrew Jorgensen <andrew.jorgensen at gmail.com> wrote:
> > And how about the suggestion in
> > http://www.watersprings.org/pub/id/draft-williams-zeroconf-security-00.txt
> > that IPSec would help?
> > http://www.securityfocus.com/infocus/1859 describes how to turn IPsec
> > on between two OpenBSD machines, and it doesn't sound too bad.
> > Could we set up Avahi to ignore any incoming packets that were not
> > protected by IPSec, but let every other service use plain old non-IPSec packets?
> > That might be easier than cobbling up an authentication method just for
> > Zeroconf.
>
> Probably not without a firewall to do that filtering for you... and
> setting up IPSec.
Yes. And I'm saying that's the kind of thing we'd have
to do (automatically, behind the scenes) to make it
safe to deploy Avahi.
- Dan
More information about the ubuntu-devel
mailing list