On Sun, 2006-04-23 at 20:14 +0200, Marcus Brinkmann wrote: > At Sun, 23 Apr 2006 00:31:14 +0200, > Bas Wijnen <[EMAIL PROTECTED]> wrote:
> > I do agree with Marcus that UDP-style RPC operations suck, and we want > > something better. To make clear what I (and I think Marcus) want: > > It should be possible to design an application in such a way that it > > can handle potentially malicious servers, other than by not talking to > > them at all. When the server is found to be malicious, it is the > > user's responsibility to shoot it down. When that happens, the > > application should be able to recover. A condition for that is that > > it gets notified about the situation. > > This is a good description of my initial motivation. I agree with > Jonathan however that we must be careful not to jump to conclusions. Yes. Bas's comment was correct up to the last sentence. The last sentence is wrong. A better statement of the requirement is: A condition for that is that the client be able to discover the situation of a malicious server, and that this discovery should occur promptly enough to be pragmatically useful. Note that even this cannot be a requirement, since some discoveries of malice are things that we foundationally do not know how to accomplish within the limits of information theory today. shap _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
