Subject: Re: rpc xid randomness
To: None <firstname.lastname@example.org>
From: Jun-ichiro itojun Hagino <email@example.com>
Date: 09/07/2003 04:55:48
> On Sat, Sep 06, 2003 at 03:00:32PM -0400, Thor Lancelot Simon wrote:
> > I don't think it actually does matter. I also know that Larry McVoy
> > measured the overhead of randomizing RPC XIDs (and PIDs, and a number of
> > other things that OpenBSD randomizes) and concluded that it was quite large,
> > for the net benefit (which I believe he correctly characterized as small
> > or, in some cases, nonexistent).
> I agree. If you want secure RPC, then do it the proper way, and import
> the actual authenticated secure RPC code (which will be needed for other
> purposes, like NFSv4, anyway). We don't have it yet, but I think
> at least one of Free/OpenBSD does have it.
That is a separate story, IMHO. Secure RPC is needed, but an unpredictable
id (xid in this case) is also needed.