[Info-vax] OpenVMS V9.0-C Released July 29th
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Tue Aug 4 00:45:26 EDT 2020
On 2020-08-03, Phillip Helbig (undress to reply) <helbig at asclothestro.multivax.de> wrote:
>
> (and a DECnet proxy is no worse than having an
> SSH key in place).
>
Huh ???
SSH keys are an excellent example of a shared secret - you need to
steal the shared secret before you can even think of impersonating
a person/node.
DECnet proxies OTOH are an absolute joke in today's world and may
even be worse then sending the password in the clear. This is because
there are no shared secrets between DECnet nodes.
As such, there is _no_ impersonation protection with DECnet proxies.
All you need is the DECnet address of the node you wish to impersonate.
IOW, anyone can pretend to be an existing DECnet proxy node.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
More information about the Info-vax
mailing list