[Info-vax] What would you miss if DECnet got the chop? Was: "bad select 38" (OpenSSL on VMS)

Thu Oct 6 18:39:08 EDT 2016

On 2016-10-06 22:04:01 +0000, Dirk Munk said:

> Stephen Hoffman wrote:
>> On 2016-10-06 14:53:14 +0000, Dirk Munk said:
>> 
>>> Stephen Hoffman wrote:
>>>> On 2016-10-06 07:25:24 +0000, Dirk Munk said:
>>>> 
>>>>> Well then, let me give you a very good reason to scrap....
>>>> 
>>>> Get off of DECnet.
>>> 
>>> The nice thing about DECnet Phase V over IP is that you can use IP DNS
>>> names and thus IP addresses.
>>> 
>>> So dir vsi.com::dka0: works in DECnet Phase V.
>>> 
>>> Build a replacement in pure IP, and tell us when it's ready.
>> 
>> DIRECTORY /FTP works fine without DECnet, and supports domain names.  
>> Available since V6.2.
>> 
>> SFTP support, a decent client for SMB, and, yes, IP-based FAL-like 
>> support would be nice.  Particularly with encryption and authentication.
>> 
>> But DECnet is still dead.
> 
> So the bottom line is that DECnet is dead, but 40 year old DECnet has 
> functionality that today's IP can not offer to VMS. Or am I wrong?

That train left the station ~twenty years ago, too.   It became clear 
to the die-hard DEC DECnet folks that DECnet and OSI were not the path 
the industry was following.    As much as I'd prefer to see DEC having 
been right, following that approach — what you're still trying to do — 
directly led OpenVMS networking to be in such a deep hole, too.   That 
approach fractured the work, and it bled off time and effort that could 
have been spent on the capabilities of the IP stack that became the 
path forward when OSI cratered, as well as the not-inconsequential 
issues around the management and maintenance and user interface for 
DECnet, and a whole host of other issues.

> And that is the problem. To those who claim that we should forget about 
> DECnet, I can only say give use an equivalent IP product with the same 
> functionality as FAL, the same ease of use, even from within 
> commandfiles or applications. As long as you can't offer that, stop 
> telling us to forget about DECnet.

Oddly, the rest of the universe gets by with ssh, netcat, file shares 
and related.    Sure, having an FTP client — or preferably FTPS or sftp 
— embedded into RMS would be nice.

> That other protocol can be just as VMS specific as Multinet's DECnet 
> over IP lines, I don't care. Design it, put it in VMS and perhaps then 
> we can talk about forgetting DECnet.

I don't want to see time spent on DECnet, more time on EDT nor more 
time away from the port and the roadmap.

> Oh yeah, and I don't think is has to be encrypted.

Which is "acceptable" only because OpenVMS lacks that.

If that were another platform, I'd expect you would be very unhappy 
about that omission.

I know auditors already get cranky about telnet and have gotten cranky 
for a decade or more.   Any auditors that knew to ask about or 
otherwise find DECnet would get cranky about that, too.

It's also a case that's contrary to those claims that OpenVMS is a 
secure platform that get posted around here.

> Like I wrote before, a VMS system should be communicating with other 
> VMS systems using IPsec. It will secure *all* IP communication between 
> these systems, no need to do encryption in applications.

Sure.   Can't say I'd spend an iota of that time on DECnet, though.

In short, if you can't do it via IP (somehow, whether ssh or netcat or 
otherwise, preferably encrypted), then either the OpenVMS 
implementation of IP needs help or updates, or find a different way to 
solve the issue.   And yes, maybe even use DECnet in the interim.

-- 
Pure Personal Opinion | HoffmanLabs LLC 