one advantage of using 9p to encapsulate the venti rpc would be that authentication would be much easier. also, venti wouldn't require a network stack.
9p doesn't specify the authentication protocol. you could use factotum to authenticate on the venti connection before speaking venti and it would be just as trivial. it's just that no one has felt the need to make venti that much harder to use by throwing authentication into the mix. if you really care about not having a network stack you could write a network equivalent of /srv. but really, who runs without any network stack?
how does one protect venti from unauthorized writes if the announce address isn't on a real network rather than a loopback device?
at the moment, there is no such protection in venti. on the one server where i care a little, i use ip routes to make sure that only the hosts i want to talk to me can talk to me. russ
