New ZeroConf Spec
Florian.Zeitz at gmx.de
Thu Jul 27 10:11:43 BST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Dan Kegel schrieb:
> I'm getting the distinct impression that everybody on this
> list has given up with respect to security, and feels
> that if Zeroconf means the system will be insecure,
> so be it -- it's so convenient it's worth the increased risk.
> Can't say I didn't warn you.
> - Dan
Okay, I said I'd stay out of this discussion on list from now, but your
way of arguing is just wrong in so many ways I have issues staying quite
(also you will notice I have changed my opinion somewhat):
So lets look at what semi-open ports we have right now:
1. DNS - allows sending any packet addressed to any ip to any other
mashine of the attackers which
2. DHCP - makes 1. possible by telling machines it's dns server. Can
configure networks in non working ways.
What we want to get:
avahi - can show you services which *might* be unsecure if you use them.
Now compare that. Do you really thing we open a door compared to a
window or isn't it more like opening a window compared to a gate with a
big "Hack me" sign above it.
An insecure network will always be insecure. To have the perfect
security you think you'll get if you don't enable zeroconf just don't
use a network. You might want to start advocating to remove dhcp from
ubuntu and make the user manually configure his network, which
especially new users won't be very capable of. This would make your
arguments somewhat more understandable
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
-----END PGP SIGNATURE-----
More information about the ubuntu-devel