[Info-vax] DECserver/LAT across DECnet areas?

[Johnny Billquist]

On 2023-07-25 02:06, Arne Vajhøj wrote:
> On 7/24/2023 7:53 PM, Scott Dorsey wrote:
>>                    Not to mention the added overhead from all those 
>> layers.
> 
> Are those layers that bad?
> 
> Sure SSL handshake takes time, but that is not due to the layers
> but due to the nature of the key exchange.

Let me put a question for you? Are there any number of layers, in your 
opinion, where it becomes a problem?

1 layer? 10? 100? 1000? At which point does it become a problem, and 
why? And if you say 100, for example. Why is 99 not a problem, but 100 
is then?

And if everything is depending on TLS to provide security, then it means 
if SSL is compromised, you have no security anywhere suddenly. That's 
the "all eggs in one basket" point.

The fact that TLS supports multiple cryptos does not suddenly make it 
several different baskets.
TLS have a common framework, which is one single piece, and it's also 
always a negotiation between the two sides on cryptos. So if you 
identify a problem with a crypto, it's basically an open exploit 
everywhere where you can negotiate that crypto. Which then would mean 
pretty much everywhere, until that crypto is removed, which will 
certainly take some time for a lot of places.

Yes, if someone else is also using that crypto, even without TLS, then 
yes, that is just as vulnerable. But if they had used TLS, they would 
not have been any less vulnerable. But if they have some other crypto, 
or if the problem found would be in the TLS code itself, then you likely 
dodged that bullet.

Anyway, this thread don't seem to be about VMS much at all anymore, and 
not really contain much of interest in general, so let's lave it to die.

   Johnny