Re: [9fans] security [was Plan 9 versus CORBA?]

[Dan Cross <cross@math.psu.edu>]

In article <20010925133048.C0B6919A0F@mail.cse.psu.edu> you write:
>> From: Dan Cross <cross@math.psu.edu>
>> Date: Mon, 24 Sep 2001 22:27:27 -0400 (EDT)
>> ...
>> A lot of people who are putting in, eg, end-to-end
>> crypto are doing so ``temporarily'' until the problems with the
>> wireless LAN are ``fixed.''
>> What's really needed is a holistic approach, ...
>> But, good luck selling that one.  :-(
>
>But Plan 9 is deliberately a research system, where we have a chance
>to do it right and live in the system we build.

Yes, but I wasn't really refering to Plan 9 in the original message.
It was more generally about 802.11 installations.  Sorry, it was off-
topic and not particularly clear.

>We're working to evolve Plan 9 so all services and protocols are
>sturdy enough to withstand life outside firewalls.  We don't want to
>depend on WEP but on end-to-end authentication and encryption where
>needed.

Ooo...  That's great.

>Besides the upgrades in explicit security mechanisms for Plan 9,
>we still find and fix buffer overflows occasionally.  But there
>are only a few people to work on this at Bell Labs, so I appeal to
>the open source community to apply eyeballs and insight.

I don't think that the buffer overrun problem is really going to
be fixed until security critical software is written in a `safe'
language that's immune to that sort of thing.  (Sorry, Dennis!)

But, at anyrate, I'm happy to peek at the code whenever I get a
chance.  If nothing else, I've found it a good cure for co-worker-
induced stomach aches.  :-)

	- Dan C.