New ZeroConf Spec

[James "Doc" Livingston]

On Thu, 2006-07-27 at 03:51 -0700, Dan Kegel wrote:
> I think what you're saying is "hostnames are useless for security with mDNS",
> and I agree.

I agree too. But I also think that hostnames (by themselves) are fairly
useless for security with normal DNS.


> Currently, many applications assume that hostnames actually mean something,
> and use hostnames to identify resources.  (For instance, ssh, cups,
> and web browsers.)  I think those two facts together mean that
> anyone who uses ssh, cups, or web browsers probably shouldn't use mDNS.

For authentication of host identity (which is what I assume you mean by
hostname security) SSH uses RSA/DSA keys to ensure the host you're
connecting to is the right one. HTTPS uses X.509 certificates for a
similar purpose.

If you're using normal HTTP, you can't be sure that you're connecting to
the site you think you are. There are many points along the line where
someone can alter DNS records, from a machine on the local network
snooping and spoofing repies, to upstream DNS cache poisoning, and
deliberate acts of hijacking by your ISP[0].


> So, when we switch on Avahi and enter the brave new world of
> meaningless hostnames, how will we know which services to trust?

The same way you know which services to trust with normal DNS: having
the hosts provide some form of proof-of-identity, like digital
certificates, shared passwords or public-key authentication.


[0] during an "Australian Idol" TV final a while back, they left off the
trailing .au of the winner's site - the site they named (on prime-time
commercial TV) was that of a deceased male porn star. Australia's
largest ISP altered their response to dns requests for the .com site to
point to the .com.au one.


Cheers,

James "Doc" Livingston
-- 
If you have any trouble sounding condescending, find a Unix user to show
you how it's done. - Scott Adams