[Info-vax] DECnet Phase IV and VMS code comments

[Stephen Hoffman]

On 2016-11-29 13:25:01 +0000, Simon Clubley said:

> On 2016-11-28, Kerry Main <kemain.nospam at gmail.com> wrote:
>> 
>> I don't think anyone here views 35+ year old DECnet as a strategic 
>> network product.
> 
> ...I only care about the fact that it's still available and enabled on 
> VMS systems running today...

Which is why I'd prefer to see telnet, FTP, DECnet and other giblets 
with explicit security warnings and requiring the system manager to 
override those to enable the mechanisms.   Or entirely removed, and an 
extra-cost add on.

In short, far less DECnet integration with OpenVMS.   Vastly better IP 
integration.  TLS and certificate integration, too.   It's long past 
time to update what was started with OpenVMS V6.2.

Keeping utterly broken designs and interfaces around and accessible 
"for compatibility" is short-sighted and hazardous, at best.   But then 
I'm being polite.   Customers will always want to avoid making changes, 
but they can and do need to make at least some.    Customers — most of 
them — aren't experts in this sort of stuff, and what is available is 
hard to use, variously not used, and is poorly integrated.   Even 
within OpenVMS itself.  Which is why we still see configurations where 
DECnet, telnet and FTP are commonly used, if not the primary network 
transports...   Which means folks can get shellacked — and do, and have 
gotten shellacked, and without attackers bothering to use ROP or 
needing to bypass ASLR or otherwise...



-- 
Pure Personal Opinion | HoffmanLabs LLC