How about employing TLS for private DBus connections ?

[Simon McVittie]

On Sat, 06 Oct 2018 at 15:27:42 -0700, L A Walsh wrote:
> On 8/24/2018 3:43 AM, rony wrote:
> > TLS would take care of encryption already.
> ---
>    While TLS may be needed over some networks, there are private or
> home networks, where it wouldn't be needed.
> 
>    Why can't the networks be graded as private, corporate or public
> so rules can be applied as needed for the specific security situation?
> 
>    This has worked for years on MS networks, so certainly it
> should be good enough for linux.

This is not really comparable, because Microsoft control every aspect
of their operating system. The maintainers of dbus don't control every
aspect of a single Linux distribution, let alone every implementation
of Linux, *BSD, Darwin and all the other platforms the reference
implementation of D-Bus is meant to work on.

There are certainly implementations of networks marked as private,
corporate or public on Linux systems - firewalld does that, for example -
but not every user of dbus uses firewalld (and firewalld itself relies
on D-Bus, so it would be a circular dependency if dbus relied on it).

Microsoft presumably also pay multiple people to develop and maintain
their IPC systems; I am not aware of any dbus contributor who works on
it full-time. (I certainly don't.)

If this is not acceptable to you, either don't use dbus, or help us.
When we try to set a realistic scope for what we can support, telling us
that we are not doing enough is not constructive.

    smcv