Subject: Re: rpc xid randomness
To: None <tls@rek.tjls.com>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: tech-userlevel
Date: 09/07/2003 10:40:21
> > 	when someone can tap the wire and impersonate you by caller ID,
> > 	story goes very different.
> Randomizing transaction IDs does *not* provide any kind of meaningful
> protection against an active attack on the RPC protocol; it just makes
> it very slightly harder.

	why are we using (poorly-designed) pseudorandom number instead of
	sequential number right now?

itojun