l4-hurd

Re: Reliability of RPC services


From: Jonathan S. Shapiro
Subject: Re: Reliability of RPC services
Date: Sat, 29 Apr 2006 21:48:43 -0400

On Sun, 2006-04-23 at 20:14 +0200, Marcus Brinkmann wrote:
> At Sun, 23 Apr 2006 00:31:14 +0200,
> Bas Wijnen <address@hidden> wrote:

> > I do agree with Marcus that UDP-style RPC operations suck, and we want
> > something better.  To make clear what I (and I think Marcus) want:
> >     It should be possible to design an application in such a way that it
> >     can handle potentially malicious servers, other than by not talking to
> >     them at all.  When the server is found to be malicious, it is the
> >     user's responsibility to shoot it down.  When that happens, the
> >     application should be able to recover.  A condition for that is that
> >     it gets notified about the situation.
> 
> This is a good description of my initial motivation.  I agree with
> Jonathan however that we must be careful not to jump to conclusions.

Yes. Bas's comment was correct up to the last sentence. The last
sentence is wrong. A better statement of the requirement is:

  A condition for that is that the client be able to discover
  the situation of a malicious server, and that this discovery
  should occur promptly enough to be pragmatically useful.

Note that even this cannot be a requirement, since some discoveries of
malice are things that we foundationally do not know how to accomplish
within the limits of information theory today.

shap




