[Info-vax] Rethinking DECNET ?
Jan-Erik Soderholm
jan-erik.soderholm at telia.com
Tue Sep 2 05:36:45 EDT 2014
Johnny Billquist wrote 2014-09-02 11:25:
> On 2014-09-01 23:45, Dirk Munk wrote:
>> David Froble wrote:
>>>
>>> And there-in lies the problem. HP's TCP/IP on VMS does not support
>>> IPsec. Remember, this is c.o.v ....
>>>
>>> Personally, I think IPsec is great. I haven't paid much attention to
>>> any security flaws, since as a VMS user, it would not matter to me.
>>
>> You're right, and that is why I'm of the opinion that getting the IPv4
>> and IPv6 stacks (incl. IPsec) in order is one of the most important
>> tasks now.
>>
>> Yes, IPv6 too. It is gaining momentum, Belgium is world record holder
>> with 30% of all internet connections having IPv6, and the percentage is
>> rising quite fast.
>>
>> I will go further than that, in my opinion IPsec should be mandatory for
>> a VMS cluster with cluster traffic over IP. At the moment IP cluster
>> traffic can be encrypted with SSH (AFAIK). Of course it should have been
>> IPsec from the beginning, SSH is a hobby solution compared with IPsec.
>
> Well, if VMS gets IPv6, then it will get IPsec, since that is mandatory for
> IPv6...
>
> Johnny
>
Note that RFC6434 (replaced RFC 4294) changed the wording from
MUST to SHOULD (that is, from REQUIRED to RECOMMENDED).

   Previously, IPv6 mandated implementation of IPsec and recommended the
   key management approach of IKE. This document updates that
   recommendation by making support of the IPsec Architecture [RFC4301]
   a SHOULD for all IPv6 nodes...

   This document recognizes that there exists a range of device types
   and environments where approaches to security other than IPsec can be
   justified. For example, special-purpose devices may support only a
   very limited number or type of applications, and an application-
   specific security approach may be sufficient for limited management
   or configuration capabilities. Alternatively, some devices may run
   on extremely constrained hardware (e.g., sensors) where the full
   IPsec Architecture is not justified.

So saying "mandatory" is, as far as I understand, not fully correct.

Jan-Erik.