Operating System - OpenVMS
1748129 Members
3744 Online
108758 Solutions
New Discussion юеВ

Re: new Poll: IPSEC support in HP TCPIP

 
SOLVED
Go to solution
Richard J Maher
Trusted Contributor

new Poll: IPSEC support in HP TCPIP

Hi,

Please vote for IPsec at the following site: -
http://www.openvms.org/stories.php?story=09/05/13/1922766

Thanks for setting that up Ian.

Cheers Richard Maher

PS. It's free! It allows you secure all (TCP/IP and UDP) traffic between hosts transparently! Host or Port level granularity! No more SSL coding at the application level! Comes with a host-based firewall capability! Secure your hand-held and portable communications today(ish)! Most of the code already exists and is able to make 8.4!

PPS. If you're going to vote "no" then why not just scratch your initials into a bus window, or spay-paint a wall like you normally do :-)
24 REPLIES 24
Jon Pinkley
Honored Contributor

Re: new Poll: IPSEC support in HP TCPIP

Just for people's information, these are your choices:

OpenVMS.org Polls

If IPSEC support was available in HP TCPIP Services for OpenVMS

o You would deploy it on a production server within a year

o Be not interested because you already use another vendors IPSEC on OpenVMS

o Have no interest in using IPSEC on OpenVMS

o Don't know what IPSEC is

it depends
Jon Pinkley
Honored Contributor
Solution

Re: new Poll: IPSEC support in HP TCPIP

How many sites would use a V1 security related product in production systems within a year of its initial release? That appears to be the only choice "in favor" of IPSec, as all the rest would seem to indicate no interest.

My point being that you can design a poll to get the result you want, and it appears to me the result that is wanted is "Our customers show no interest in IPSec at this time".

it depends
Richard J Maher
Trusted Contributor

Re: new Poll: IPSEC support in HP TCPIP

Hi John,

I certainly hope you're wrong. (Although I too would have like a less qualified "Yes" box)

I'm guessing any confusion with the questions, would have more to with the inexperience of the framers as pollsters rather than malicious intent or agenda.

OTOH, maybe they were told "that's what it'd take" and had to run with it :-(

Cheers Richard Maher

PS. Looking forward to once again saying a big *NO* to daylight saving in WA this week-end. (Hopefully for the last time!)
Jan van den Ende
Honored Contributor

Re: new Poll: IPSEC support in HP TCPIP

Richard,

thanks for the pointer.

I just voted in favor, and I strongly advise every regular (and not so very regular) visitor here to do the same!

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
John Abbott_2
Esteemed Contributor

Re: new Poll: IPSEC support in HP TCPIP

Thanks from me too, for setting this up. It's a yes both here and directly to HP (from your previous heads-up post)

re: pps... lol :-)

Regards,
John.
Don't do what Donny Dont does
John Gillings
Honored Contributor

Re: new Poll: IPSEC support in HP TCPIP

Richard,

We recently put this question to HP Engineering directly, not because we want, need or even intend to use IPsec, but more as a sign of reduced investment, care and feeding, etc... in OpenVMS by HP.

In a nutshell, their answer was "show us the money". They pointed to the very low uptake of the EAK, and lack of feedback from customers stating that they wanted the product.

Rather than conduct a poll, I would urge anyone who is willing to pay for this product (even assuming that it will be "free" with an existing TCPIP license), to contact their account reps directly. A poll is not likely to be as effective as "if you don't implement IPsec, THIS customer will stop paying maintenance on TCPIP services and switch to one of the competing products".


A crucible of informative mistakes
Richard J Maher
Trusted Contributor

Re: new Poll: IPSEC support in HP TCPIP

John,

I will go over the same ground as I have done many times before in various forums.

1) Nobody is asking for some blue-sky thinking here or to invest in a huge startup project. IPSec is not just low-hanging fruit, it's a wind-fall sitting on the ground; all they have to do is pick it up! Unless of course, all of the money that's been poured into its development over the last 5+ years has produced something a tad less than merchantable quality. (In which case if I was the developer(s) or project manager(s) I too would be desperate to stop people asking what we've been doing all this time!)

2) What is the standard or average EAK download stats for say the last 10 VMS products released in this fashion? What is a "low uptake" and what are "they" comparing it to?

What was the Java EAK download stats? WSIT 3.0? RTR on Linux? IPv6? Clusters over IP perhaps?

Oh, I see; they don't have to jump through the same imaginary hoops as someone's pet project? I get it, VMS management only does this when they want to kill something.

"Global clusters over IP" has everyone asking for it, but "VPN my laptops and hand-helds" is an orphan? I think not.

3) Your world may well revolve around what "We" do but when every other OS and IP Stack vendor from SUN to Microsoft to IBM to all flavours of Linux and Android and iPhone have implemented IPsec (and most of them years ago on IPv4) you'll forgive me for dismissing the argument as being akin to the horse that won't drink. The ability to encrypt and authenticate all communication between hosts or just some ports on different hosts is not something I see as being limited in its application these days, even in intranets.

Why bother with IPv6 at all for Pete's sake? Where were you when they were presumably wasting more money on that redundant rubbish? Big EAK hit? BTW, IPsec is a *mandatory* component for those claiming IPv6 compliance.

What's that you say?

"We don't put VMS on the network and expose it to nastiness, VMS is a local shop for local people!" We don't need a firewall on VMS, we don't need secure communications, we just buy a whole lot of *nix boxes for the real world stuff and lock VMS up in a room :-(

> Rather than conduct a poll,

Oh, I see, the jury's back but no one likes the verdict? I also see Ian has adopted a similar tack in OpenVMS.org :-( Looks like John P was right after all.

Anyway, it maybe fun to watch me run around like Pavlov's Dog but seeing long suffering VMS customers have to do the same for even the most basic, essential e-business functionality helps explain why VMS is where it is today.

Why don't they stop all IPv6, no all VMS, development now? Hold on. . .Ooops!

Richard Maher
Richard J Maher
Trusted Contributor

Re: new Poll: IPSEC support in HP TCPIP

Hi again John,

I just had a look at: -
http://h71000.www7.hp.com/ebusiness/technology.html

And was once again surprised to find not 1, 2, or 3, but *4* web-browsers for VMS! Well I guess you just can't have too many of those.

Anyway what I couldn't find on the page was how much profit HP/VMS makes from the sale of these products, or the additional VMS units shipped on the back of them. You couldn't get your contacts to help me out and "Show me the money" could you?

Also, what were the EAK download stats for each of these web-browsers?

Regards Richard Maher

PS. What has changed in the last say 5 years since millions of license-payer dollars were allocated to IPsec development, and thousands of man-hours spent, and today where presumably that money will just be written off as "I bet ya no one was gonna use it anyway"?
Richard Whalen
Honored Contributor

Re: new Poll: IPSEC support in HP TCPIP

I have no idea how many MultiNet sites use IPSec; we haven't had a lot of questions, so I don't believe that it is many. But we have had questions about it since before we added the key management program, so I know that there are a few users.

Based upon number of support calls, the number of users of SSH & SFTP is orders of magnitude higher.

FTP over TLS (FTPS) hasn't been out long enough to measure, but we have had a few calls on it as well.

I would say that there is great demand for methods of securing user authentication and data exchange, which method ends up being the most popular in the long run is hard to say.