[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remote execution / application migration

forsyth@plan9.cs.york.ac.uk sez:
>even set top boxes need proper authentication.

Yes, although it's likely to be a closed-enough environment that lesser
security is acceptable.

On the other hand, I'd prefer that this "lesser security" mean that the
standard protocol (whatever it turns out to be) is simply using fewer
bits in the keys, and not that it's a different security mechanism

> ... it is admittedly hard to decide sometimes which things in the
>ftp distribution really are demos and which are meant to be taken as
>full system services.

Yeah, and I'm puzzled why one of the developers doesn't speak up and
clarify this.

Right now, it's pretty easy to erase any strokes that are made and
replace them with something different---but soon those strokes will
be made part of other people's applications and the stroke will be
indelible.  That's why it's so important to make sure it's the best
possible choice we know how to make---and I'm not convinced that the
current rstyx/rcmd protocol is secure at all, much less that it's
the best choice.

Moreover, note that it is part of the standard lib/srv services---you
can't choose to turn it off if you don't like it.

I'm concerned that there are a lot of critical network security issues
that still haven't been worked out---for example, I haven't been able
to figure out how to build a secure cage for a potentially hostile
module, and that's described as one of Inferno's great strengths.  (I
know, you shouldn't run it if you haven't validated the signature, but
in the real world sometimes you have to.  And how do you sign a module,

>after i posted the note, i thought you'd say that (because it's true) ...

Glad to be so predictible...  (;-)

-- Greg