
Re: HP & Export of DCE




Adam Shostack writes:
> | > Well, if Leahy passes, DCE is exportable.  Anyone know if the
> | > 'SecureRPC' in  DCE is the one BAL broke years back?
> | 
> | No, they broke Sun's Secure RPC, which is different.
>
> I wasn't aware there were multiple things masquerading under the name
> Secure RPC.

Yes, there are.  The term "RPC" is sometimes used generically, to refer
to any remote procedure calling mechanism, but also refers to at least
two distinct implementations.


The first "RPC" was produced by Sun's Open Network Computing group.  This
is still the most commonly used, as Sun made the source code available
at no cost [1].  Many vendors (including HP) now provide it as a
standard part of their UNIX distribution [2].  A transport-independent
version, TI-RPC, was later produced, but this doesn't appear to be quite
as widely used, though I think it is in Solaris.  (Sorry, I don't know
of an archive site for this; try Alta Vista et al.)

Sun's version of "Secure RPC" includes Unix (uid-based) and (in North
America) DES authentication.  The basic mechanism can support other
authentication schemes as well, though I've never actually heard of any
alternative implementations.  This is the "Secure RPC" whose key exchange
was cryptanalyzed by LaMacchia and Odlyzko [3].


Another "RPC" comes from the Open Software Foundation, who unfortunately
chose the same acronym for the remote procedure calling mechanism in their
Distributed Computing Environment (DCE).  This DCE is a part of the OSF/1
operating system, but implementations are available for many versions of
UNIX, often as a separate product or option.  The DCE Security Services
are discussed a bit in the DCE FAQ [4], and O'Reilly has an entire book
on the subject [5].


To confuse matters further, it now seems that Microsoft has added an "RPC"
mechanism to Windows NT and 95.  This is sort of compatible with OSF DCE
RPC, but not entirely; see [4].


In short, it would help to avoid massive confusion if people were more
specific: refer to "DCE RPC", "ONC RPC" (or "Sun RPC", if you must :),
or "Microsoft RPC", not just to "RPC".

- --
Martin Janzen           [email protected]
Pegasus Systems Group   c/o Hewlett-Packard, IDACOM Telecom Operation



[1] Try ftp://bcm.tmc.edu/nfs or
ftp://wuarchive.wustl.edu/systems/sun/sun-exchange/rpc4.0, or a
comp.sources.unix archive site.

[2] To see if you have it, type "man rpc", or search your C library
using something like "nm /lib/libc.a | grep clnt".  If it's installed,
you should see functions like "clnttcp_create", "clntudp_create", etc.
If not, look for a separate librpc.a in /lib, /usr/lib, /usr/local/lib,
or what have you -- or ftp it from the archive sites and build your own.

[3] Here's the reference, courtesy of Matt Blaze:

@article{nfscrack,
   author = {Brian A. LaMacchia and Andrew M. Odlyzko},
   journal = {Designs, Codes, and Cryptography},
   pages = {46--62},
   title = {Computation of Discrete Logarithms in Prime Fields},
   volume = {1},
   year = {1991},
}

Brian also has a home page, http://www.swiss.ai.mit.edu/~bal/bal-home.html
but as my Net connection is flaky right now, I can't tell whether this
article is available there.

[4] The DCE FAQ is at http://www.osf.org/dce/faq-mauney.html or
ftp://ftp.dstc.edu.au/pub/DCE/FAQ.

[5] "DCE Security", Wei Hu, O'Reilly, ISBN 1-56592-134-8.


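Added example (not part of the original message): the naming confusion described above also shows up on the wire, so this sketch labels a captured payload as ONC RPC or DCE RPC from its header and, for ONC RPC, reports whether the call uses Unix or DES authentication. The function names and sample packets are constructed for illustration; Microsoft's variant is not distinguished from DCE RPC here.

```python
import struct

# ONC (Sun) RPC credential flavors; 1 and 3 are the "Unix" and "DES"
# authentication the message describes for Sun's Secure RPC.
ONC_AUTH = {0: "AUTH_NONE", 1: "AUTH_UNIX", 2: "AUTH_SHORT", 3: "AUTH_DES"}
# DCE RPC connection-oriented PDU types (subset).
DCE_PTYPE = {0: "request", 2: "response", 3: "fault", 11: "bind", 12: "bind_ack"}


def classify_rpc(payload: bytes, tcp: bool = True) -> dict:
    """Label a payload as DCE RPC, ONC RPC or unknown from its header alone."""
    # DCE RPC: rpc_vers=5, minor 0/1, ptype, flags, 4-byte data representation,
    # then frag_length, auth_length, call_id in the sender's byte order.
    if len(payload) >= 16 and payload[0] == 5 and payload[1] in (0, 1):
        order = "<" if (payload[4] >> 4) == 1 else ">"
        frag_len, auth_len, call_id = struct.unpack(order + "HHI", payload[8:16])
        if 16 <= frag_len <= len(payload) and payload[2] <= 19:
            return {"family": "DCE RPC", "call_id": call_id,
                    "ptype": DCE_PTYPE.get(payload[2], payload[2]),
                    "has_auth_trailer": auth_len > 0}
    # ONC RPC over TCP puts a 4-byte record marker before the message.
    body = payload[4:] if tcp else payload
    if len(body) >= 32:
        xid, mtype, rpcvers, prog, vers, proc, flavor, cred_len = struct.unpack(">8I", body[:32])
        # A call has msg_type 0 and RPC version 2; credentials are at most 400 bytes.
        if mtype == 0 and rpcvers == 2 and cred_len <= 400:
            return {"family": "ONC RPC", "program": prog, "version": vers,
                    "procedure": proc, "auth": ONC_AUTH.get(flavor, f"flavor {flavor}")}
    return {"family": "unknown"}


def onc_call(flavor: int, cred: bytes) -> bytes:
    """Build a constructed ONC RPC call (program 100003 = NFS) with a TCP record marker."""
    msg = struct.pack(">8I", 0x1234, 0, 2, 100003, 2, 0, flavor, len(cred))
    msg += cred + struct.pack(">2I", 0, 0)          # empty AUTH_NONE verifier
    return struct.pack(">I", 0x80000000 | len(msg)) + msg


# Constructed samples: credential bodies are filler, not real credentials.
SAMPLE_UNIX = onc_call(1, bytes(24))
SAMPLE_DES = onc_call(3, bytes(24))
SAMPLE_DCE_BIND = bytes([5, 0, 11, 3, 0x10, 0, 0, 0]) + struct.pack("<HHI", 24, 0, 7) + bytes(8)

if __name__ == "__main__":
    for name, pkt in [("unix", SAMPLE_UNIX), ("des", SAMPLE_DES), ("dce", SAMPLE_DCE_BIND)]:
        print(name, classify_rpc(pkt))
```

For UDP captures, pass tcp=False so the parser does not skip a record marker that is not there.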