[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reliability of RPC services

From: Bas Wijnen
Subject: Re: Reliability of RPC services
Date: Sun, 30 Apr 2006 04:04:46 +0200
User-agent: Mutt/1.5.11+cvs20060403

On Sat, Apr 29, 2006 at 09:48:43PM -0400, Jonathan S. Shapiro wrote:
> On Sun, 2006-04-23 at 20:14 +0200, Marcus Brinkmann wrote:
> > At Sun, 23 Apr 2006 00:31:14 +0200,
> > Bas Wijnen <address@hidden> wrote:
> > > I do agree with Marcus that UDP-style RPC operations suck, and we want
> > > something better.  To make clear what I (and I think Marcus) want:
> > >   It should be possible to design an application in such a way that it
> > >   can handle potentially malicious servers, other than by not talking to
> > >   them at all.  When the server is found to be malicious, it is the
> > >   user's responsibility to shoot it down.  When that happens, the
> > >   application should be able to recover.  A condition for that is that
> > >   it gets notified about the situation.
> > 
> > This is a good description of my initial motivation.  I agree with
> > Jonathan however that we must be careful not to jump to conclusions.
> Yes. Bas's comment was correct up to the last sentence. The last
> sentence is wrong.

In fact, I was using a "notify" in a very broad sense there.  It included
things like a watchdog or the user sending a message about it.  The thing is
that something must trigger the process to act.  This trigger is what I meant
with a notification.

> A better statement of the requirement is:
>   A condition for that is that the client be able to discover
>   the situation of a malicious server, and that this discovery
>   should occur promptly enough to be pragmatically useful.

This is not what I meant (I assumed that the user, not the client, would
personally need to intervene and kill the server).  But it sounds useful. :-)

> Note that even this cannot be a requirement, since some discoveries of
> malice are things that we foundationally do not know how to accomplish
> within the limits of information theory today.

Yes.  But we can at least detect part of it.  Note that while I wrote
"potentially malicious", I really meant "potentially buggy (or even


I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]