[Info-vax] Still no IPSEC for TCP/IP services?

Doug Phillips dphill46 at netscape.net
Tue May 22 12:06:04 EDT 2012 

On May 22, 2:23 am, Dirk Munk <m... at home.nl> wrote:
> Steven Underwood wrote:
>
> > "Dirk Munk" wrote in message
> >news:4797c$4fbac358$5ed43999$22551 at cache60.multikabel.net...
>
> >> I'm planning to set up a couple of new OpenVMS systems, and I was
> >> thinking of using IPSEC as well. I was amazed to find that IPSEC is
> >> not included in the present version of TCP/IP services. It was
> >> included in the Early Adopters Kit for TCP/IP services 5.7 in 2007
> >> (!!!!), but it never made it to the final version and wasn't added
> >> later on.
>
> >> As far as I know IPSEC is a mandatory part of IPv6, so the IPv6 stack
> >> of TCP/IP services isn't complete either. It may well be that there is
> >> more modern functionality missing in the IPv6 stack
>
> >> Does any one know what happened, why was HP not capable of producing a
> >> full functional IPSEC stack in 5 years time? Even Windows Vista has
> >> IPSEC........
>
> > Dirk: The EAK is still the only version of IPSEC as far as I have heard.
> > There are very few people (one other, really) asking for it. Your
> > arguments mirror his.
>
> > I personally have no use for IPSEC or IPv6 on VMS or not. That also
> > seems to be the general consensus I seen here toward IPv6 and IPSEC on VMS.
>
> > Steven Underwood
>
> Thanks Steve.
>
> I never liked IP anyway. It seems to be one enormous hobby project where
> lots of people and groups are producing solutions for many different
> problems without any conceptional thinking. The result is mountains of
> RFC's
>
> Encryption is a prime example. If you want to keep your data
> communication secret then you will need encryption. But if you want to
> encrypt your data transport between two nodes, then it looks obvious to
> me that you should want to encrypt all data, and IPSEC does just that
> for IP traffic.
>


I understand why HP wouldn't spend $$$$$$$ to develop something that
can be had for $$. Moving data between two nodes via the internet
requires an appliance at each end, so the connection is not node-to-
node, it's appliance-to-appliance. Any of the appliances I would
consider using for any full-time secure connection have IPsec built-
in.

For some-time/part-time connections, SSL works just fine and is soooo
much easier to manage.

More information about the Info-vax mailing list