PALLAS@Sushi.Stanford.EDU.UUCP (12/31/86)
Perhaps we can all agree on a few things, and move on to something
more productive. Please note the distinction between concept and
product, which seems to have been the cause of some hot blood.
Sun NFS the concept, supported by Sun RPC the concept, has an
open-ended authentication scheme which allows for any number of
authentication systems, which may be as secure as current technology
allows.
Sun NFS the product, supported by Sun RPC the product, provides only
one authentication system, which is laughably insecure (but not much
less secure than Berkeley's rlogin scheme). Some improvement in the
security could be achieved by making client machines more secure, but
Sun doesn't currently deliver systems with that improvement.
Sun NFS the product is becoming a {\it de facto} standard, with Sun's
encouragement. That standard (the product) does not have a
non-trivial authentication system.
Sun NFS the concept supports only the sequence-of-bytes file model.
Sun RPC is not a transport protocol, it is a presentation/session
protocol, if you insist on trying to use the ISO model. The model
described by Watson in {\it Distributed Systems---Architecture and
Implementation} is better suited to this discussion, in my opinion.
RPC falls into the "service support sublayer" in that model.
Now, the REAL issues are these:
1. Security is important when connecting autonomous systems.
2. Heterogeneous systems tend to present different interfaces to
similar services.
These are not new ideas; they are, in fact, quite ancient.
We should be devoting our efforts to exploring solutions to the
problems that are posed by these issues in the context of computer
systems and networks. Debating the merits of a particular product is
not productive.
joe
P.S. If there's a factual error in the above, I'd appreciate being
informed of it.
-------