Re: [OpenVMS, DECnet] How to do DECnet over - secure (ssh, ssl) - IP ? IP ? IP ?

From: Dirk Munk (munk_at_home.nl)
Date: 06/22/04


Date: Tue, 22 Jun 2004 00:26:54 +0200

Barry Treahy, Jr. wrote:
> Dirk Munk wrote:
>
>> The problem with stuff like SSH is that there is no real concept
>> behind it. It is the Unix style of solving problems. You have a
>> problem, so you design a small tool for just that little problem.
>> Another small problem? Another small tool. Someone once wanted to use
>> encryption for telnet and file transfer, so we got SSH. Instead of
>> thinking about a way to encrypt *all* IP traffic, we got SSH, Stunnel,
>> and other tools that more or less gave us small solutions for
>> encrypted traffic. That wasn't sufficient, and then they even went
>> further and designed a way to tunnel other IP traffic over SSH. It is a
>> kind of chewing gum, sticky tape and paperclip way of software design.
>> And before I forget, there is also OpenSSH which is similar to SSH,
>> but just a bit different. Nice......
>>
>> Now there is a new concept called IPsec, and if I'm not mistaken it
>> will offer encryption for any IP port. There is a concept behind it, it is
>> most likely not easy to implement, and so it will take a long time to
>> get accepted. I assume it will be possible to encrypt DECnet over IP
>> with IPsec, but alas we have to wait just a little bit longer before
>> we can use secure DECnet over IP.
>
>
> What planet are you from? IPsec has been around for a long time and has
> been the basis for point to point as well as network to network
> tunneling! Since, with IPsec, you can encrypt all traffic between two
> end points (hosts and/or subnets), any traffic (even DECnet over IP)
> will be encrypted. VPN tunneling (using IPsec) has been around much
> longer than you are alluding to, so perhaps you should do a little more
> research than just ranting and raving about Un*x command/tool style...
>
>
> Barry

Well, on the last roadmap I saw where IPsec would be implemented on VMS, it was
still somewhere far in the future. I remember seeing some rather complicated
looking windows, and I was told implementing this was not at all easy. I don't
think it is based on setting up a static VPN tunnel. Instead it appeared to me
as a much more complicated piece of software for ad hoc connections (like SSH)
and with lots of security settings. So maybe it is the next phase of IPsec, just
as there are many IP tools based on SSL.

My ranting about Unix command/tool style is based on working with the stuff, and
all the horrors I experienced when I was trying to get it to work. Have you tried
SSH on VMS, or did you try getting a VMS or Unix SSH stack to work with OpenSSH?
Good luck, it took me weeks trying to find a way to automatically do file
transfers between a Solaris box and a VMS system. SFTP for instance is not FTP
through an SSL tunnel as one might think, but a totally different piece of
software. If you want to use real FTP, you have to set up an SSH tunnel and do
all kinds of difficult settings. Can you explain to me why this is necessary?
That is what I meant by 'no concept' etc.


