
-----BEGIN PGP SIGNED MESSAGE-----

Adam Shostack writes:
| > Well, if Leahy passes, DCE is exportable. Anyone know if the
| > 'SecureRPC' in DCE is the one BAL broke years back?
|
| No, they broke Sun's Secure RPC, which is different.

I wasn't aware there were multiple things masquerading under the name Secure RPC.

Yes, there are. The term "RPC" is sometimes used generically, to refer to any remote procedure calling mechanism, but also refers to at least two distinct implementations.

The first "RPC" was produced by Sun's Open Network Computing group. This is still the most commonly used, as Sun made the source code available at no cost [1]. Many vendors (including HP) now provide it as a standard part of their UNIX distribution [2]. A transport-independent version, TI-RPC, was later produced, but this doesn't appear to be quite as widely used, though I think it is in Solaris. (Sorry, I don't know of an archive site for this; try Alta Vista et al.)

Sun's version of "Secure RPC" includes Unix (uid-based) and (in North America) DES authentication. The basic mechanism can support other authentication schemes as well, though I've never actually heard of any alternative implementations. This is the "Secure RPC" whose key exchange was cryptanalyzed by LaMacchia and Odlyzko [3].

Another "RPC" comes from the Open Software Foundation, who unfortunately chose the same acronym for the remote procedure calling mechanism in their Distributed Computing Environment (DCE). This DCE is a part of the OSF/1 operating system, but implementations are available for many versions of UNIX, often as a separate product or option. The DCE Security Services are discussed a bit in the DCE FAQ [4], and O'Reilly has an entire book on the subject [5].

To confuse matters further, it now seems that Microsoft has added an "RPC" mechanism to Windows NT and 95. This is sort of compatible with OSF DCE RPC, but not entirely; see [4].

In short, it would help to avoid massive confusion if people were more specific: refer to "DCE RPC", "ONC RPC" (or "Sun RPC", if you must :), or "Microsoft RPC", not just to "RPC".

- --
Martin Janzen           janzen@idacom.hp.com
Pegasus Systems Group   c/o Hewlett-Packard, IDACOM Telecom Operation

[1] Try ftp://bcm.tmc.edu/nfs or ftp://wuarchive.wustl.edu/systems/sun/sun-exchange/rpc4.0, or a comp.sources.unix archive site.

[2] To see if you have it, type "man rpc", or search your C library using something like "nm /lib/libc.a | grep clnt". If it's installed, you should see functions like "clnttcp_create", "clntudp_create", etc. If not, look for a separate librpc.a in /lib, /usr/lib, /usr/local/lib, or what have you -- or ftp it from the archive sites and build your own.

[3] Here's the reference, courtesy of Matt Blaze:

    @article{nfscrack,
      author = {Brian A. LaMacchia and Andrew M. Odlyzko},
      journal = {Designs, Codes, and Cryptography},
      pages = {46--62},
      title = {Computation of Discrete Logarithms in Prime Fields},
      volume = {1},
      year = {1991},
    }

    Brian also has a home page, http://www.swiss.ai.mit.edu/~bal/bal-home.html but as my Net connection is flaky right now, I can't tell whether this article is available there.

[4] The DCE FAQ is at http://www.osf.org/dce/faq-mauney.html or ftp://ftp.dstc.edu.au/pub/DCE/FAQ.

[5] "DCE Security", Wei Hu, O'Reilly, ISBN 1-56592-134-8.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVm1GG3Fsi8cupgZAQHKkwP/QQaKNEuwuvNo5E+8Myu2P/Dv70Ha4p88
RhtEH11oBH4IjMksqL0J+o8qSOwiBA/bcciW6y8ef1gSgwFxmdbEqGmLftSGjYNU
D6r8C5LmSkmmtQuLcXUE+QVEBLIXmnYC0tIwbqprGGm0soQpW0GbzZtgXtrECm0H
Vi1bsJ+LEJQ=
=3e3P
-----END PGP SIGNATURE-----