On Sat, 23 Aug 2008 20:37:58 +0200 Dirk Meyer <[EMAIL PROTECTED]> wrote:
> Dirk Meyer wrote: > > Pavel Simerda wrote: > >> On Sat, 23 Aug 2008 18:21:38 +0200 > >> Dirk Meyer <[EMAIL PROTECTED]> wrote: > >>> UPnP is a working choice, but bad. Just google for it. > >> > >> I know what UPnP is. > > > > I mean: google why it is a bad choice :) See below > > This is a good doc: > http://www.gnucitizen.org/blog/hacking-the-interwebs/ > > Automatic access to something without password is a very bad > idea. That is why I want certificates for all my bots. I would have no > problem with a bot on my router opening ports for other bots that have > a valid certificate. There is a difference between a password and a key. There is a difference between a symmetric croptography key and a pair of public/private keys for asymmetric cryptosystems. There is a lot of places where automatic access (read or even write) without a password (or key) is appropriate. These general statements about security are usually false (there is almost always a bunch of cases where it doesn't do any good). Pavel > > Dirk > -- Web: http://www.pavlix.net/ Jabber & Mail: pavlix(at)pavlix.net OpenID: pavlix.net
