Subject: Re: rpc xid randomness
To: None <>
From: Jun-ichiro itojun Hagino <>
List: tech-security
Date: 09/07/2003 10:40:21
> > 	when someone can tap the wire and impersonate you by caller ID,
> > 	story goes very different.
> Randomizing transaction IDs does *not* provide any kind of meaningful
> protection against an active attack on the RPC protocol; it just makes
> it very slightly harder.

	why are we using (poorly-designed) pseudorandom number instead of
	sequential number right now?