[Info-vax] DECnet bashing
Arne Vajhøj
arne at vajhoej.dk
Sat Aug 8 21:31:58 EDT 2020
On 8/8/2020 5:41 PM, Grant Taylor wrote:
> On 8/8/20 11:49 AM, Arne Vajhøj wrote:
>> But there are some basis for the criticism.
>
> I naively think that the basis can also serve as guidance on how to do
> things.
>
>> Networking security standards has changed a lot since DECnet was
>> invented.
>
> As have networking solutions.
>
>> It is becoming increasingly difficult to defend any unencrypted
>> network communication when a security audit happens.
>
> I agree that unencrypted communications is bad. But I believe that it's
> possible to add encryption around otherwise unencrypted protocols.
>
> - DECnet Phase-IV put into a GRE tunnel that's IPsec encrypted
> - DECnet Phase-V(+) over TCP/IP that's IPsec encrypted
> - DECnet that is MACsec encrypted
>
> I'm assuming that there is a piece of helper equipment doing the IPsec
> and / or MACsec encryption inside the same locked cabinet.
>
> Outside of the locked cabinet, these are all DECnet and encrypted.
Some mitigation is possible.
But it i sort of a workaround.
Using an application to application encryption using some
standard TCP/IP based protocol is the more straight forward
solution.
Arne
More information about the Info-vax
mailing list