New ZeroConf Spec
Andrew Jorgensen
andrew.jorgensen at gmail.com
Thu Jul 27 00:58:34 BST 2006
On 7/26/06, Dan Kegel <dank at kegel.com> wrote:
> On 7/26/06, Travis Watkins <alleykat at gmail.com> wrote:
> > > Anyone who knows anything about network security
> > > should agree that mDNS should only be used on
> > > trusted networks. But how are we to know Ubuntu
> > > is going to be installed on a safe network?
> > > What if it's in a room full of Windows boxes, seething
> > > with malware? Do we really want to trust every
> > > packet that comes via mDNS from those machines?
> >
> > Following that reasoning if what Lennart says is true about dhclient
> > we shouldn't have DHCP either because the network might be full of
> > Windows boxes, seething with malware.
>
> Just because the barn window is open doesn't
> mean it's a good idea to open the barn door.
> It makes it harder to secure the barn later.
The point is that it's the other way around. dhclient is the barn
door, avahi is that little window up at the top. The no-open-ports
policy is already being violated for the sake of greater convenience
in at least one way (DNS) and in the majority of cases at least one
more way (DHCP) which is in fact very very dangerous. mDNS is the
least of your worries and gives a huge benefit in making things just
work.
More information about the ubuntu-devel
mailing list