New ZeroConf Spec

Dick Davies rasputnik at gmail.com
Mon Jul 24 19:48:19 BST 2006


On 21/07/06, Hervé Fache <Herve at lucidia.net> wrote:


> An example that comes to my mind, please correct if I am wrong, is
> printers. A rogue machine could advertise a printer, and you decide to
> use it. You then end up printing your confidential document on your
> 15-year-old neighbour's printer...

If it's a sensitive document, and you don't trust the network, then you should
be printing over SSL. In which case you notice the other end is broken.

> A machine could pretend to be a router, and you end up having all your
> data going through your 15-year-old neighbour's father who is trying
> to get your banking card details.

That can happen with any untrusted network if you're using DHCP.
No-one seems bothered by that.

> DNS is why I am interested in ZeroConf. Again, what happens if the
> machine you know as, say, 'Everest', is down, and your neighbour's
> wife's machine is intentionally (or not?) called Everest too, and on the
> same network?

There's a lot of functionality in the zeroconf spec that handles name conflicts.
If one node is refusing to budge, the other (well-behaved) node will
pick another name.


I think I've already said this (not that anyone seems to be listening :) ),
but this is just a naming service. If you're relying
on DNS for security, you need to rethink that first.


