gpg: Signature made Mon Apr 24 20:11:33 2006 UTC using DSA key ID 6554A22D
gpg: Good signature from "Matthew John Toseland (Toad) <toad@amphibian.dyndns.org>"
But it has to be the default behaviour, or it's useless. Non-idiotic
users will just use dyndns. I suppose we can ask users if they have a
LAN with untrusted users...?
On Mon, Apr 24, 2006 at 07:46:58PM +0000, NextGen$ wrote:
> * Matthew Toseland <toad@???> [2006-04-24 20:33:38]:
>
> > On Mon, Apr 24, 2006 at 07:31:30PM +0000, NextGen$ wrote:
> > >
> > > As I said previously, I don't think that Up&p support is a good idea :/
> > >
> > > It's the eternal tradeoff between hidding a node and ease to use. If we
> > > implement UP&P support, I strongly suggest that we implement Bonjour support
> > > (apple's discovery protocol) too. And possibly Zeroconf
> >
> > What's the problem? We're only talking to the router, right?
>
> No :)
>
> do you know how up&p works ? it's using multicast : every one willing to will
> get informations on the lan. Moreover, UP&P allows hackers to do really nasty
> things. You know, what arp spoofing/ICMP redirect attacks are ? UP&P allows you do to
> nastier things, more easily.
>
> I don't know what to blame : the protocol or implementations. But in any
> case, it's definily YetAnotherAttackVector until we have some MiM attack
> protection... And even with it : It will be a convenient way to prevent
> someone from using freenet on a "shared" lan.
>
> ... As long as it remains optionnal and NOT the default behaviour, I don't
> mind... The problem is that if it's not the default behaviour, it's pointless
> ;)
--
Matthew J Toseland - toad@???
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
