5.1 Security Considerations for Implementers

Security considerations for both unauthenticated and authenticated RPC used in this protocol are specified in [MS-RPCE].

The client fails over to unauthenticated RPC when authenticated RPC fails for backward compatibility, as specified in section 3.1.3. The unauthenticated RPC is not as secure as authenticated RPC; the client is recommended to either audit or support this automatic failover only when it is explicitly specified.