[Info-vax] The continued ham-stringing of IPsec/VMS - Cui Bono? - TUDs - Bobby Ewing

[Arne Vajhøj]

Richard B. Gilbert wrote:
> Arne Vajhøj wrote:
>> Richard B. Gilbert wrote:
>>> Bob Koehler wrote:
>>>> In article <hc05rh$c4f$1 at news-01.bur.connect.com.au>, "Richard 
>>>> Maher" <maher_rj at hotspamnotmail.com> writes:
>>>>> So while it's great to see IPsec doing a Bobby Ewing and getting to 
>>>>> live
>>>>> another day, I just cannot understand how it could possibly take 
>>>>> another 12
>>>>> months to certify code that is already there, and will already have 
>>>>> shipped
>>>>> in H1 2010 with TCP/IP 5.7.
>>>>>
>>>>> Can someone please explain to me what obstacles are preventing 
>>>>> IPsec from
>>>>> being supported in H1 2010 with VMS 8.4?
>>>>
>>>>    I don't work for HP, but testing and certification of reliable code
>>>>    across a great many hardware platforms takes time.  I would not like
>>>>    to see VMS Engineering start cutting corners on testing.
>>>
>>> Which "great many" hardware platforms are we talking about?  I count 
>>> three: VAX, Alpha, and Itanic.  And I'd be willing to dispense with 
>>> Itanic!  If you have to test with every processor speed, every memory 
>>> size, every combination of I/O devices. . . .
>>
>> 3 architectures
>> different NIC's
> 
> Isn't the NIC the responsibility of the driver?  It simply sends what 
> it's told to send and listens for traffic addressed to it.  Wouldn't 
> IPSEC encryption be done before the NIC and the driver got involved?
> 
>> different number of NIC's
>> single CPU and multi CPU systems
> 
> Such systems have existed for many years.  Traffic on multiple hardware 
> links can be encrypted nearly as easily as on a single link.  A slow CPU 
> and multiple encrypted links could be painful . . . .

IPSEC is done at a low level compared to various other
encryptions.

I would expect VMS engineering to test this stuff on a wide variety of
configurations otherwise something will break.

Arne