[OpenAFS-devel] Rx over TCP to solve some NAT & Firewall issues?

[Derrick J Brashear]

you're doing that wide-reply thing. ew.

> > > If we were to make major RPC changes, I'd suggest that we try to move to
> > > DCE rpc, which is quite a lot smarter, and for which there are better
> > > security alternatives, such as SSL authentication. If only we can get the
> >
> > SSL isn't authentication. The name even says so.
>
> You can do authentication with SSL. There is nothing wrong with that. Some
> apps do use SSL authentication. SSL is not _just_ anonymous encryption.

we're arguing semantics. i posit it's authentication on top of, not in,
ssl. anyhow...

> The big advantage is that DCE is meant to use GSSAPI and Kerberos 5.
>
> > DCE rpc is history, IMO, and I'd be content for it to stay that way.
>
> This is a pretty ironic forum to say that. DCE is more recent history than
> RX.

Still sounds like moving from one antique to another;-)

>  And there are still sites using DCE, and the open dce list is active.

I bet more are using AFS, and if you want to argue that it's the
open-sourceness, that more were before there was an OpenAFS.

> > Despite any previous and future grumbling about sunrpc, it seems to at
> > least have an active use base.
>
> I think RX is still better or equivalent to sunrpc.

Well, to pick on simple things, they has true gssapi/kerberos 5 support,
and tcp. if you believe tcp is necessary, you get it.