[Info-vax] VSI has released 9.2-1

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Mon Jun 19 08:20:33 EDT 2023 

On 2023-06-16, Arne Vajhøj <arne at vajhoej.dk> wrote:
> On 6/16/2023 8:21 AM, Simon Clubley wrote:
>> On 2023-06-15, Arne Vajhøj <arne at vajhoej.dk> wrote:
>>> Lots of useful stuff (I don't get the entropy thing - sure it is
>>> important, but there are many other things more important IMHO).
>> 
>> The entropy stuff is a critical part of getting "the world's most
>> secure operating system" actually back up the standards of modern
>> operating systems. Before this, random number generation on VMS
>> was hopeless from a security point of view.
>> 
>> It's also vital that it's in x86-64 VMS _before_ the first commercial
>> releases so that software that should be using it can rely on it actually
>> being present so it does get used in code.
>> 
>> The amount of effort that VSI are spending on this, at this point in time,
>> is well justified.
>
> How many more VMS licenses will VSI sell because of that feature?
>
> My guess: zero.
>

This is not about selling new systems. This is about being a part of
work to make sure that existing sites don't get forced to move away
from VMS because VMS no longer meets the industry standard security standards.

You can have a nice piece of software running on VMS, but that's no
good unless those VMS systems are secure by modern standards. VMS systems
_WILL_ be dropped in many areas if they are regarded as no longer being
secure by today's standards.

> The OpenSSL maintainers may be happy that they get better entropy
> with less code.
>

Replace "better entropy" with "now-acceptable entropy". The new entropy
engine running within the kernel offers a brand-new capability for VMS
that is considered to be standard elsewhere.

To put this another way, the previous solutions for generating entropy
within user mode that I am aware of were not suitable by today's standards.

Look at previous discussions here about trying to find sources to get
a bit more entropy while running in user mode.

> The security interested people may think it is nice to get
> better entropy.
>
> But when it comes to sales I see zero extra sale.
>

I am not exactly a fan of some things that VSI are doing :-), but this
is one thing I _strongly_ agree with and it was a pleasant surprise to
see VSI spending the time to implement this. Well done to VSI.

Maybe I am seeing something here you are missing ?

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.

More information about the Info-vax mailing list