New ZeroConf Spec
cmsj at tenshu.net
Thu Jul 27 12:20:12 BST 2006
On 11:51:41 am 27/07/2006 "Dan Kegel" <dank at kegel.com> wrote:
> something, and use hostnames to identify resources. (For instance,
> ssh, cups, and web browsers.) I think those two facts together mean
ssh uses keys to identify hosts, surely? Change my server's hostname with
some tricky spoofing or mDNS shenaniganery and my ssh client will refuse to
let me log in anymore. This would be true for https or any other service
that claims to be secure.
> So, when we switch on Avahi and enter the brave new world of
> meaningless hostnames, how will we know which services to trust?
I have been intrigued by this thread, so last night I decided to install
avahi and some related stuff on my laptop. Actually the package I selected
was the gnome service discovery applet and that pulled in avahi, but
crucially it did not pull in zeroconf. I was a little confused about that,
but then realised that (of course), zeroconf is just about ad-hoc
networking and that that is not all there is to mDNS.
Having installed and loaded the applet, I poked around its configs and it
seemed that the default list of things it would look for was pretty
reasonable, just application stuff, rather than DNS and so on. I expect
that this may be different for the underlying avahi-daemon, but it made me
think that this argument could easily go away if the machine is selective
about what mDNS stuff it pays attention to.
zeroconf and DNS discovery ought to really be controlled via the network
admin interface (so one can select static/dhcp/zeroconf).
If installing avahi doesn't pull in things like libnss-mdns (which it
currently doesn't) then hostnames can't get polluted, right?
If so, then other than any exploits in avahi-daemon itself, Ubuntu can
control which services it discovers in a sane manner. I would think that
discussions along this line would be more useful than the current
back-and-forth of bizarre analogies about gates and doors ;)
cmsj at tenshu.net
More information about the ubuntu-devel