[Info-vax] Command Procedure Pipe output to a variable
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Mon Sep 6 08:24:37 EDT 2021
On 2021-09-03, Dave Froble <davef at tsoft-inc.com> wrote:
> On 9/3/2021 2:30 PM, Simon Clubley wrote:
>>
>> In the 1980s, DECnet's good points outweighed its bad points.
>>
>> In the changed world of 2021, that is no longer true.
>>
>
> Might I suggest that DECnet is as good as it's ever been. What you're
> calling "bad points" is more like an omission than a bad point.
>
The world changed David, but DECnet did not.
Just one example: the implementation of proxies in DECnet opens up
a _massive_ security hole in today's world as DECnet was designed
in a world where you assumed 100% trust in the network and in all
the devices attached to it.
This is because there are no shared secrets or certificates between
the nodes which have proxies between them so it is trivial for someone
with any access to the network to impersonate a DECnet node, if they
manage to disable the real node (to avoid conflicting MAC addresses
and to avoid responses from the real node) or if the real node is not
online all the time.
The idea that a machine can impersonate a server simply by using the
same network address without needing any other information such as
certificates or shared secrets is unacceptable today.
Outside of that, DECnet itself is about as secure as Telnet or plain
FTP and we all know how those two protocols are regarded on internal
networks these days...
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
More information about the Info-vax
mailing list