1996-03-28 - Re: HP & Export of DCE

Header Data

From: Martin Janzen <janzen@idacom.hp.com>
To: cypherpunks@toad.com
Message Hash: aa24d1b9e04a6d80e03d8cb0a68ae4602cc2be561c75850bae857970291b310a
Message ID: <9603272138.AA03891@sabel.idacom.hp.com>
Reply To: <199603271619.LAA08716@homeport.org>
UTC Datetime: 1996-03-28 05:58:54 UTC
Raw Date: Thu, 28 Mar 1996 13:58:54 +0800

Raw message

From: Martin Janzen <janzen@idacom.hp.com>
Date: Thu, 28 Mar 1996 13:58:54 +0800
To: cypherpunks@toad.com
Subject: Re: HP & Export of DCE
In-Reply-To: <199603271619.LAA08716@homeport.org>
Message-ID: <9603272138.AA03891@sabel.idacom.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack writes:
> | > Well, if Leahy passes, DCE is exportable.  Anyone know if the
> | > 'SecureRPC' in  DCE is the one BAL broke years back?
> | 
> | No, they broke Sun's Secure RPC, which is different.
> I wasn't aware there were multiple things masquerading under the name
> Secure RPC.

Yes, there are.  The term "RPC" is sometimes used generically, to refer
to any remote procedure calling mechanism, but also refers to at least
two distinct implementations.

The first "RPC" was produced by Sun's Open Network Computing group.  This
is still the most commonly used, as Sun made the source code available
at no cost [1].  Many vendors (including HP) now provide it as a
standard part of their UNIX distribution [2].  A transport-independent
version, TI-RPC, was later produced, but this doesn't appear to be quite
as widely used, though I think it is in Solaris.  (Sorry, I don't know
of an archive site for this; try Alta Vista et al.)

Sun's version of "Secure RPC" includes Unix (uid-based) and (in North
America) DES authentication.  The basic mechanism can support other
authentication schemes as well, though I've never actually heard of any
alternative implementations.  This is the "Secure RPC" whose key exchange
was cryptanalyzed by LaMacchia and Odlyzko [3].

Another "RPC" comes from the Open Software Foundation, who unfortunately
chose the same acronym for the remote procedure calling mechanism in their
Distributed Computing Environment (DCE).  This DCE is a part of the OSF/1
operating system, but implementations are available for many versions of
UNIX, often as a separate product or option.  The DCE Security Services
are discussed a bit in the DCE FAQ [4], and O'Reilly has an entire book
on the subject [5].

To confuse matters further, it now seems that Microsoft has added an "RPC"
mechanism to Windows NT and 95.  This is sort of compatible with OSF DCE
RPC, but not entirely; see [4].

In short, it would help to avoid massive confusion if people were more
specific: refer to "DCE RPC", "ONC RPC" (or "Sun RPC", if you must :),
or "Microsoft RPC", not just to "RPC".

--
Martin Janzen           janzen@idacom.hp.com
Pegasus Systems Group   c/o Hewlett-Packard, IDACOM Telecom Operation

[1] Try ftp://bcm.tmc.edu/nfs or ftp://wuarchive.wustl.edu/systems/sun/
sun-exchange/rpc4.0, or a comp.sources.unix archive site.

[2] To see if you have it, type "man rpc", or search your C library
using something like "nm /lib/libc.a | grep clnt".  If it's installed,
you should see functions like "clnttcp_create", "clntudp_create", etc.
If not, look for a separate librpc.a in /lib, /usr/lib, /usr/local/lib,
or what have you -- or ftp it from the archive sites and build your own.

[3] Here's the reference, courtesy of Matt Blaze:

   author = {Brian A. LaMacchia and Andrew M. Odlyzko},
   journal = {Designs, Codes, and Cryptography},
   pages = {46--62},
   title = {Computation of Discrete Logarithms in Prime Fields},
   volume = {1},
   year = {1991},

Brian also has a home page, http://www.swiss.ai.mit.edu/~bal/bal-home.html
but as my Net connection is flaky right now, I can't tell whether this
article is available there.

[4] The DCE FAQ is at http://www.osf.org/dce/faq-mauney.html or

[5] "DCE Security", Wei Hu, O'Reilly, ISBN 1-56592-134-8.
