[Info-vax] What would you miss if DECnet got the chop? Was: "bad select 38" (OpenSSL on VMS)

Sun Sep 18 04:35:25 EDT 2016

Paul Sture wrote:
> On 2016-09-17, David Froble <davef at tsoft-inc.com> wrote:
>> Stephen Hoffman wrote:
>>>
>>> I'd be seriously tempted to announce the deprecation and eventual
>>> removal of DECnet, for that matter.
>>
>> Booo!  Hisssss!
>>
>> Ok, we know it's not secure.  Run at your own risk.
>>
>> I'm guessing that DECnet users use it only in house, for FAL and such, so if the
>> in house environment is secure, then security isn't an issue for DECnet.
>>
>> If it's not going to take up time and effort, then why kill it off?
>>
>> I personally find it can be useful.
>>
>> It sure is handy when you need to shutdown and re-start TCP/IP on a remote (but
>> in house) system.
>
> I'd certainly miss one or two things that DECnet does:
>
> o - the ability to do a SET HOST 0 /LOG= to get a log / audit trail of software
>     installations and configuration sessions.   Yes, many terminal emulators can
>     do logging, but those logs aren't on the target system.
>
> o - using DECnet as a means of placing BACKUP savesets on another node, and
>     restoring them from other nodes (where 'other' can be either local or
>     remote).
>
> o - DECnet tasks.  Useful but I haven't seen many customers use these.
>
> o - FAL
>

First of all, which DECnet do you mean?  DECnet Phase IV should have 
been abandoned years ago, DECnet Phase V has been the successor for 
years now, but many DECnet users are just to plain lazy to learn how it 
works. They took a look at the UI, concluded that is was very different 
from the NCP commands of Phase IV, and just gave up. Or are they too 
stupid to understand it?

Has no one ever noticed the analogy between Windows and VMS in this 
respect? Windows uses Netbios over IP the same way VMS can use DECnet 
Phase V over IP. Or have you ever heard of Microsoft abandoning Netbios 
in favour of plane IP stuff like FTP etc. ?

Besides DECnet we also have cluster traffic. It is also insecure. So 
let's just abandon VMS clusters as well???

DECnet and cluster traffic can both use IP for transport. How to make 
that traffic very secure? It is so simple, use IPsec! But when I 
proposed that in this forum, it was made very clear that I'm an idiot to 
propose the only way to encrypt IP traffic that has an real 
architectural idea behind it, instead of the many hobby solutions like 
SSL, SSH etc.

But again, you must make an afford to implement IPsec, and we don't want 
to do that. Quick and dirty solutions that are prone to lots of 
maintenance on the application level are much and much better. Thinking 
in layers, whereby encryption is part of the network and has nothing to 
do with applications, idiotic.

So yes, you can use all the nice features DECnet has to offer, but no 
one cares to deal with these days. And you can use it in a safe way as 
well. Oh yeah, and remember, DECnet is deeply embedded in VMS, VMS was 
build around the idea of networking with DECnet. You do remember how 
full VMS file specifications looks?

node::disk:{directory}file.extension.version

It start with node::

Try that with plain IP.

Some one recently wrote a article about the status of IPv6, and about 
the status of RFC's . It was shocking to read what an enormous mess it 
is. That is the problem with IP, it is one enormous out of hand hobby 
project with lots of overlapping poorly defined 'standards' that are 
really no standards at all (!!).  It is exactly what we should not have 
in times that well structured security and dependable network 
communication is of the utmost importance.