[Info-vax] Rethinking DECNET ?

Dirk Munk munk at home.nl
Mon Sep 1 17:45:00 EDT 2014


David Froble wrote:
> Dirk Munk wrote:
>> David Froble wrote:
>>> Simon Clubley wrote:
>>>> On 2014-08-31, VAXman-  @SendSpamHere.ORG <VAXman- at SendSpamHere.ORG>
>>>> wrote:
>>>>> In article <ltscu4$1le$2 at dont-email.me>, Simon Clubley
>>>>> <clubley at remove_me.eisner.decus.org-Earth.UFP> writes:
>>>>>> On 2014-08-30, JF Mezei <jfmezei.spamnot at vaxination.ca> wrote:
>>>>>>> DECNET offers some neat stuff and security.
>>>>>>>
>>>>>> DECnet most certainly does _not_ offer security - it's an unencrypted
>>>>>> data stream.
>>>>> Just like TCP/IP.
>>>>>
>>>>
>>>> DECnet is a whole range of protocols just like TCP/IP is and while
>>>> the basic TCP and IP layers do not have encryption built in, there
>>>> are other layers, within the protocol stack, which do give you that
>>>> capability. You can even choose per-site or per-session encryption
>>>> as you wish.
>>>>
>>>> DECnet has no such equivalent to those protocol layers.
>>>>
>>>> Simon.
>>>>
>>>
>>> I would suggest that SSL is not part of TCP/IP.  Of course people can
>>> choose to group things as they wish.  But, Brian is correct, TCP/IP does
>>> not have encryption, except as layered on top of TCP/IP, and I'll argue
>>> that it's a separate product.
>>
>> TCPIP does have encryption, IPsec. It encrypts >>all<< IP traffic. It
>> is not part of the original IP setup, but if your IP stack has it, you
>> can have total encryption.
>
> And therein lies the problem.  HP's TCP/IP on VMS does not support
> IPsec.  Remember, this is c.o.v ....
>
> Personally, I think IPsec is great.  I haven't paid much attention to
> any security flaws, since as a VMS user, it would not matter to me.

You're right, and that is why I'm of the opinion that getting the IPv4 
and IPv6 stacks (incl. IPsec) in order is one of the most important 
tasks now.

Yes, IPv6 too. It is gaining momentum, Belgium is world record holder
with 30% of all internet connections having IPv6, and the percentage is 
rising quite fast.

I will go further than that, in my opinion IPsec should be mandatory for 
a VMS cluster with cluster traffic over IP. At the moment IP cluster 
traffic can be encrypted with SSH (AFAIK). Of course it should have been 
IPsec from the beginning, SSH is a hobby solution compared with IPsec.



