New ZeroConf Spec

Dick Davies rasputnik at
Mon Jul 24 19:48:19 BST 2006

On 21/07/06, Hervé Fache <Herve at> wrote:

> An example that comes to my mind, please correct if I am wrong, is
> printers. A rogue machine could advertise a printer, and you decide to
> use it. You then end up printing your confidential document on your 15
> years old neighbour's printer...

If it's a sensitive document, and you don't trust the network, then you should
be printing over SSL . In which case you notice the other end is broken.

> A machine could pretend being a router, and you end up having all your
> data going through your 15 years old neighbour's father who is trying
> to get your banking card details.

That can happen with any untrusted network if you're using DHCP.
No-one seems bothered by that.

> DNS is why I am interested in ZeroConf. Again, what happens if the
> machine you know as, say, 'Everest', is down, and your neighbour's
> wife machine is intentionally (or not?) called Everest too, and on the
> same network?

There's a lot of functionality in the zeroconf spec that handles name conflicts.
If one node is refusing to budge, the other (well-behaved) node will
pick another

I think I've already said this (not that anyone seems to be listening :) ),
 but this is just a naming service. If you're relying
on DNS for security, you need rethink that first.

More information about the ubuntu-devel mailing list