[Info-vax] Current state of file/disk encryption on VMS

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Sat Sep 3 22:13:22 EDT 2022


On 2022-09-03 21:22:17 +0000, Alexander Schreiber said:

> I suspect that a lot of those design decisions were made in more 
> innocent times.

The "most secure operating system on the planet" hasn't kept up with the times.

What security features have been added have largely been grafted on, 
too. The digital certificate support is funky to use.

There's little (~no) network security documentation for app developers 
included in the OpenVMS base manuals, and the upstream Open Source 
Security (CDSA, etc.) was long ago deprecated.

Getting a private CA going, and issuing CSRs and signing same, and then 
creating a client-server app that connects to a peer using TLSv1.3 
while verifying client and server certs is my benchmark for 
experiencing the true complexity of what should be (and is) a very 
common task.

Add in a DNS translation or two, include a TLS upgrade, and perform the 
connection via IPv6, for best "fun" here.

Encrypting your data and then using that as part of storing passwords 
and private certs is entirely home-grown, too.

VSI is keeping fairly current with the OpenSSL support, which is a 
refreshing change from years past.

There's a whole lot of work here, and more than many realize.


-- 
Pure Personal Opinion | HoffmanLabs LLC 
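
The benchmark task described in the message above (private CA, CSRs, signing, then a TLSv1.3 connection in which client and server each verify the other's certificate), sketched with the OpenSSL command-line tool in a POSIX shell rather than on OpenVMS. This is an added example, not code from the post or from VSI; the CA name, `localhost`, `demo-client`, port 14433 and the file names are assumptions.

```shell
#!/bin/sh
# Added example (constructed): private CA, CSR-based issuance, mutual TLS 1.3 on loopback.
# Assumed names: "Example Private CA", localhost, demo-client, port 14433, file stems.

new_key_csr() {   # $1 = file stem, $2 = subject CN
  openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
}

sign_csr() {      # $1 = file stem, $2 = X.509v3 extension lines for the issued cert
  printf '%s\n' "$2" > "$1.ext"
  openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 30 -sha256 -extfile "$1.ext" -out "$1.crt" 2>/dev/null
}

build_pki() {     # $1 = working directory to create and enter
  mkdir -p "$1" && cd "$1" || return 1
  # Root CA: self-sign its own CSR; it may sign certificates and CRLs, nothing else.
  new_key_csr ca "Example Private CA" || return 1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  openssl x509 -req -in ca.csr -signkey ca.key -days 30 -sha256 \
    -extfile ca.ext -out ca.crt 2>/dev/null || return 1
  # Leaves: each peer makes a key and CSR; the CA signs with a role-specific EKU.
  new_key_csr server localhost && sign_csr server "basicConstraints=CA:FALSE
keyUsage=critical,digitalSignature
extendedKeyUsage=serverAuth
subjectAltName=DNS:localhost" || return 1
  new_key_csr client demo-client && sign_csr client "basicConstraints=CA:FALSE
keyUsage=critical,digitalSignature
extendedKeyUsage=clientAuth"
}

chain_ok() {      # $1 = cert stem, $2 = purpose (sslserver | sslclient)
  openssl verify -CAfile ca.crt -purpose "$2" "$1.crt" >/dev/null 2>&1
}

mtls_handshake() {  # true only if both peers verified each other over TLS 1.3
  # -www keeps s_server from quitting on stdin EOF; -Verify makes a client cert mandatory.
  openssl s_server -accept 14433 -tls1_3 -www -naccept 1 -cert server.crt \
    -key server.key -CAfile ca.crt -Verify 1 -verify_return_error >server.log 2>&1 &
  srv=$!; sleep 1
  openssl s_client -connect 127.0.0.1:14433 -tls1_3 -cert client.crt -key client.key \
    -CAfile ca.crt -verify_return_error -verify_hostname localhost \
    </dev/null >client.log 2>&1
  sleep 1; kill "$srv" 2>/dev/null; wait "$srv" 2>/dev/null
  grep -q 'Verify return code: 0 (ok)' client.log && grep -q 'demo-client' server.log
}
```

To try it, source the file and run `build_pki "$(mktemp -d)" && mtls_handshake`; `chain_ok client sslserver` fails by design, because the client certificate carries only the `clientAuth` extended key usage.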