Hm, in my naivety I did not account for Venus being bypassed. Or do I misunderstand? Is it really possible to open a file without consulting with Venus?
I was a bit off here, but there seem to be issues. See NetBSD's src/sys/coda/coda_vnops, and look at coda_open - this always calls venus_open. But then look at coda_access, which has an implicit assumption that there is only one user. The namecache may have similar issues where one could traverse a directory tree, although perhaps not open a file.

There is the opposite issue as well: I want to be able to use Coda realms which do not employ IPsec. I think I can trust some of them :) though definitely not the network in between...

As long as we're clear that rpc2 cryptography needs to be fixed before you can have confidence in the system, I'm in agreement.