[OpenAFS-devel] Rx over TCP to solve some NAT & Firewall issues?

Dean Anderson dean@av8.com
Thu, 20 Nov 2003 23:35:36 -0500 (EST)


On Thu, 20 Nov 2003, Derrick J Brashear wrote:

> On Thu, 20 Nov 2003, Dean Anderson wrote:
>
> > If we were to make major RPC changes, I'd suggest that we try to move to
> > DCE rpc, which is quite a lot smarter, and for which there are better
> > security alternatives, such as SSL authentication. If only we can get the
>
> SSL isn't authentication. The name even says so.

You can do authentication with SSL. There is nothing wrong with that. Some
apps do use SSL authentication. SSL is not _just_ anonymous encryption.

The big advantage is that DCE is meant to use GSSAPI and Kerberos 5.

> DCE rpc is history, IMO, and I'd be content for it to stay that way.

This is a pretty ironic forum to say that. DCE is more recent history than
RX.  And there are still sites using DCE, and the open dce list is active.
The only obstacle is the current DCE source license is free only for
non-commercial use.  The Open Group is trying to change it to GPL, and 3
of the 4 primary vendors have signed off on this. The forth is still
thinking about it.

DCE RPC has a spec for doing CORBA over DCE RPC, basically offering all
the DCE naming and security features to CORBA, which lacks these features.

> Despite any previous and future grumbling about sunrpc, it seems to at
> least have an active use base.

I think RX is still better or equivalent to sunrpc.

> Rx was in a separate distribution before there was an OpenAFS. Didn't
> help.

But back then, people were a lot more enschanted with sunrpc.  But if RX
were "sexed up" with java support, or some bs, it might get more
interest...

		--Dean