> There's a big difference between users deliberately deciding to poke
> holes in their firewall, and having the operating system let any
> application automatically poke holes without authentication to allow
> the action.

They deliberately decide to poke holes in their firewall by running a UPNP enabled application.

> I'd be perfectly fine with a mechanism that applications could use
> which first request permissions to open ports from the user and
> notified the user as to which application was making the request,
> before ports were dynamically opened.

We're talking about an embedded router with no user interface here. You can't do the user prompting there. Which leaves you with doing it client side.

I've been toying with writing a NAT-PMP server, and at least with that protocol client support really belongs in a system wide daemon, like Avahi. This would give you a point at which to prompt the user. But there's nothing in the protocol that ensures a program can't just bypass all that and talk the protocol directly.