DSNlink Version 3.0 for OpenVMS
Readme First
1-February-2001
Dear Customer,
This letter contains a brief description of DSNlink Version 3.0
for OpenVMS[TM]. It also explains which save sets you need, how
to download the appropriate save sets, and how to uncompress
them.
1 DSNLINK HAS ENCRYPTION
The major enhancement in DSNlink Version 3.0 is the addition
of encryption. DSNlink Version 3.0 encrypts messages between
your DSNlink system and Compaq with ciphers. A cipher is an
encryption/decryption algorithm.
These ciphers are in DSNlink Version 3.0:
o Triple DES-a 168-bit block cipher (TDES)
o DES-a 56-bit block cipher (DES)
o RC4-a 128-bit stream cipher (RC4_128)
o RC5-a 128-bit block cipher (RC5_128)
The cipher is negotiated with the DSNlink host during the
authentication process. The default cipher is Triple DES.
DSNlink encrypts these communications between your system and
the Compaq host:
o Service request submissions, augmentations, and responses
o Requests for lists of routing codes, open and closed service
requests, and supported products
o Interactive Text Search (ITS) sessions
o DSNlink mail messages
o Network Exerciser tests
o Remote login sessions
o System-Initiated Call Logging (SICL) service requests
Your system may not have SICL, which is not included in
DSNlink. SICL is part of the Compaq Analyze software, which
uses DSNlink to send SICL service requests to the Compaq
host.
If you use the DECwindows Motif interface, there is no indica-
tion that the communication was encrypted except for messages
in the window where you started DSNlink. If you use the com-
mand line interface, window messages list the encryption cipher
and authentication method. Similar messages also appear in the
server log files.
Note that the DSNlink host must also run DSNlink Version 3.0 for
two-way encryption to occur. Communications from your DSNlink
Version 3.0 system to a host running DSNlink Version 2.2 will
fail. The first connection failure is the Network Exerciser test
that DSNlink attempts at the end of the installation procedure.
For information on a workaround you can perform to allow unen-
crypted communiations, see the DSNlink Version 3.0 for OpenVMS
Release Notes.
DSNlink NE Version 3.0 for OpenVMS (where "NE" means no encryp-
tion), is a special kit for customers who cannot install DSNlink
Version 3.0, which encrypts all communications. Although DSNlink
NE Version 3.0 does not encrypt communications or contain en-
cryption software, it does have all the new features and bug
fixes that are in DSNlink Version 3.0.
2 IMPROVED AUTHENTICATION
When either your system or the Compaq host initiates a connec-
tion, the systems first perform authentication. The goal of the
process is for the customer and host systems to verify their
identities to each other before establishing a communication
connection. The systems must successfully authenticate them-
selves before either encrypted or nonencrypted messages are
exchanged.
Authentication has been enhanced with the addition of stronger,
hash-based message authentication code (HMAC) functions. During
the authentication process, DSNlink Version 3.0 combines a
message with your authentication key and processes the result
with industry-standard secure hash functions to generate a
hash-based message authentication code (HMAC) for the digital
signature. The HMAC algorithm follows RFC 2104 guidelines.
The HMAC authentication methods in DSNlink Version 3.0 are:
o MD5_V3 uses the MD5 cryptographic hash function to produce a
128-bit signature.
o RMD160 uses the cryptographic hash function RIPEMD-160 to
produce a 160-bit signature.
o SHA1 uses the cryptographic hash function SHA-1 to produce a
160-bit signature.
o SR160 uses both of the RIPEMD-160 and SHA-1 cryptographic
hash functions to produce a 160-bit signature. The advantage
of this method is that an adversary would have to break both
the SHA-1 and RIPEMD-160 functions to break the signature.
This is the default authentication method.
The older MD5 authentication method, which produces a 128-bit
signature, was used in earlier versions of DSNlink. Your DSNlink
Version 3.0 system will use this method if the host system is
running an earlier version of DSNlink. This method does not
follow RFC 2104 guidelines and is not as secure as the HMAC
methods mentioned above.
3 NEW AUTHENTICATION KEY
Previously, DSNlink used only MD5 to authenticate all connec-
tions. Both your system and the Compaq host had identical MD5
keys.
In DSNlink Version 3.0, a key that is compatible with the HMAC
functions is required for authentication. It is a single key for
the SHA1, RMD160, and SR160 authentication methods. It has this
location and file name format:
DSN$KEYS:HMAC-DIGITAL-access_number
If you install DSNlink Version 3.0, on a system with an earlier
version of DSNlink, the installation renames the existing MD5-
DIGITAL-access_number keys to HMAC-DIGITAL-access_number. The
contents of the MD5 key are not changed, just the file name.
If you install DSNlink Version 3.0, on a system without an
earlier version of DSNlink, the installation prompts you for the
authentication key. You can use the DSNlink authentication key
from another of your DSNlink systems. If you have no previous
versions of DSNlink, Compaq provides an authentication key for
you to enter at the installation prompt for a key.
If new or existing customers request an authentication key, the
HMAC key they receive is 16 characters longer than the MD5 keys.
Customers are encouraged to request the key because it is harder
for an adversary to break. For more information, contact Compaq.
4 RESTRICTIONS ON DISTRIBUTION
Exports of this product are subject to Section 740.17 of the
U.S. Export Administration Regulations pertaining to "retail
encryption" items eligible for U.S. License Exception ENC.
By downloading this kit, you agree you will comply with those
regulations.
5 HOW TO DOWNLOAD THE KIT FROM THE COMPAQ DSNLINK WEB SITE
To download the kit from the DSNlink Web site:
1. Using a browser, go to the following Web address:
http://www.support.compaq.com/dsnlink/kit_vms_v30.htm
The Web page titled "The DSNlink Version 3.0 for OpenVMS Kit"
displays. DSNlink and DSNlink NE Version 3.0 kits for both
Alpha[TM] and VAX[TM] systems are available for downloading
from this page.
2. Determine which save sets you need to download. See Section
Section 6 of this readme file for details.
Note that if you are installing this kit on a VAX that is
in an OpenVMS Cluster with Alpha systems, the VAX save sets
that you download also have images for the Alpha systems.
Similarly, if you install on an Alpha, the save sets include
the files necessary for any VAX systems in a cluster.
3. Download the appropriate save sets or an entire kit according
to the instructions on the Web page.
NOTE
You can download these save sets to any operating sys-
tem, but do not uncompress them until you have moved
them to your OpenVMS VAX or Alpha system.
See Section 7 of this readme file for instructions on uncom-
pressing the save sets and preparing for installation.
6 WHICH SAVE SETS DO YOU NEED?
Table 1 describes the DSNlink save sets, which are actually
auto-extractible compressed files.
________________________________________________________________
Table 1: DSNlink_Save_Sets
VAX Save Sets___________Alpha Save Sets_________Description_____
DSNLINK030.DCX_ DSNLINK030.DCX_ All save sets
VAXEXE AXPEXE (A, B, C, D, E,
and S)
DSNLINK030.A_DCX_ DSNLINK030.A_DCX_ Installation
VAXEXE AXPEXE files
DSNLINK030.B_DCX_ DSNLINK030.B_DCX_ Files for both
VAXEXE AXPEXE Alpha and VAX
systems
DSNLINK030.C_DCX_ DSNLINK030.C_DCX_ VAX images
VAXEXE AXPEXE
DSNLINK030.D_DCX_ DSNLINK030.D_DCX_ Alpha images
VAXEXE AXPEXE
DSNLINK030.E_DCX_ DSNLINK030.E_DCX_ VMS Version
VAXEXE AXPEXE 5.5-2 images
DSNLINK030.S_DCX_ DSNLINK030.S_DCX_ Documentation
VAXEXE AXPEXE
________________________________________________________________
You can download a file that contains ALL savesets (DSNLINK030.DCX_
VAXEXE or DSNLINK030.DCX_AXPEXE) or download only those save
sets that you need for your particular installation.
If you prefer to download individual save sets, determine which
save sets you need as follows:
o To install DSNlink on a standalone Alpha system that is
running OpenVMS Version 6.2, 7.1 or 7.2, download:
DSNLINK030.A_DCX_AXPEXE
DSNLINK030.B_DCX_AXPEXE
DSNLINK030.D_DCX_AXPEXE
DSNLINK030.S_DCX_AXPEXE
o To install DSNlink on a standalone VAX system that is running
OpenVMS Version 6.2, 7.1 or 7.2, download:
DSNLINK030.A_DCX_VAXEXE
DSNLINK030.B_DCX_VAXEXE
DSNLINK030.C_DCX_VAXEXE
DSNLINK030.S_DCX_VAXEXE
o To install DSNlink on a standalone VAX system that is running
VMS[TM] Version 5.5-2, download:
DSNLINK030.A_DCX_VAXEXE
DSNLINK030.B_DCX_VAXEXE
DSNLINK030.E_DCX_VAXEXE
DSNLINK030.S_DCX_VAXEXE
VMS Version 5.5-2 is not supported on Alpha systems.
o To install DSNlink on an OpenVMS Cluster of VAX and Alpha
systems, you can install just once if you have a cluster
common disk.
For an OpenVMS Cluster of both VAX and Alpha systems, down-
load these VAX save sets to install DSNlink on a VAX:
DSNLINK030.A_DCX_VAXEXE
DSNLINK030.B_DCX_VAXEXE
DSNLINK030.C_DCX_VAXEXE
DSNLINK030.D_DCX_VAXEXE
DSNLINK030.S_DCX_VAXEXE
For an OpenVMS Cluster of both VAX and Alpha systems, down-
load these AXP save sets to install DSNlink on an Alpha:
DSNLINK030.A_DCX_AXPEXE
DSNLINK030.B_DCX_AXPEXE
DSNLINK030.C_DCX_AXPEXE
DSNLINK030.D_DCX_AXPEXE
DSNLINK030.S_DCX_AXPEXE
Section 7 explains what to do with these save sets after you
have downloaded them.
7 AFTER YOU DOWNLOAD THE FILES, FOLLOW THESE INSTRUCTIONS
If you downloaded individual save sets, you must uncompress each
one and then restore the documentation save set (DSNLINK030.S).
If you downloaded one of the files that contains all save sets
(DSNLINK030.DCX_VAXEXE or DSNLINK030.DCX_AXPEXE), then you must
uncompress that file, restore the individual save sets contained
within it, and restore the documentation save set.
To uncompress individual save sets and restore the documentation
save set:
1. Uncompress each save set with the RUN command. For example:
$ RUN DSNLINK030.A_DCX_VAXEXE
The following messages appear:
FTSV DCX auto-extractible compressed file for OpenVMS (VAX)
FTSV V3.0 -- FTSV$DCX_VAX_AUTO_EXTRACT
Copyright (c) Digital Equipment Corp. 1993
Options: [output_file_specification [input_file_specification]]
The decompressor needs to know the filename to use for the
decompressed file. If you don't specify any, it will use the
original name of the file before it was compressed, and
create it in the current directory. If you specify a
directory name, the file will be created in that directory.
Decompress into (file specification): (press Return)
Opening and checking compressed file...
Decompressing (press Ctrl-T to watch the evolution)...
Creating decompressed file...
Original file specification: DSNLINK030.A_DCX_VAXEXE
Decompressed file specification: DISK$USER1:[DURANT.DSNLINK]
DSNLINK030.A;1
Successful decompression, decompression report follows:
File Size: 619.71 Blocks, 309.86 Kbytes, 317293 bytes
Decompression ratio is 1 to 1.57 ( 56.85 % expansion )
Elapsed CPU time: 0 00:00:01.12
Elapsed time : 0 00:00:02.97
Speed : 19636.36 Blocks/min, 9818.18 Kbytes/min,
167563.64 bytes/sec
2. Restore the documentation save set, DSNLINK030.S. Optionally,
you can first display the file names in the save set with
this command:
$ BACKUP/LIST DSNLINK030.S/SAVE
To restore the files from the save set to a directory, enter
this command:
$ BACKUP/SELECT=*.*/LOG DSNLINK030.S/SAVE ddcu:[dir]
Substitute your system's device name and directory for
ddcu:[dir].
3. Print or display the DSNlink Version 3.0 for OpenVMS Instal-
lation Guide. This document is supplied in PostScript and
text formats. The file names are:
DSNLINK030_INSTALLATION_GUIDE.PS or
DSNLINK030_INSTALLATION_GUIDE.TXT
4. Install DSNlink Version 3.0 using VMSINSTAL.
5. Complete the appropriate postinstallation tasks as described
in the installation guide.
To uncompress a file that contains multiple save sets (DSNLINK030.DCX_
VAXEXE or DSNLINK030.DCX_AXPEXE) and restore the individual save
sets within it:
1. Use the RUN command to uncompress the file. As shown in
the following example, this command decompresses the
auto-extractible compressed file into a file called
DSNLINK030.BCK.
$ RUN DSNLINK030.DCX_AXPEXE
.
.
.
Decompress into (file specification):
Opening and checking compressed file...
Decompressing (press Ctrl-T to watch the evolution)...
Creating decompressed file...
Original file specification: DSNLINK030.BCK;1
Decompressed file specification: DISK$USER1:[DURANT.DSNLINK]
DSNLINK030.BCK;1
Successful decompression, decompression report follows:
File Size: 45718.56 Blocks, 22859.28 Kbytes, 23407902 bytes
Decompression ratio is 1 to 1.58 ( 57.92 % expansion )
Elapsed CPU time: 0 00:00:46.66
Elapsed time : 0 00:00:49.59
Speed : 87350.20 Blocks/min, 43675.10 Kbytes/min,
745388.44 bytes/sec
2. Restore the save sets using the BACKUP command string as
shown in the following example:
$ BACKUP/LOG DSNLINK030.BCK/save DISK$USER1:[DURANT.DSNLINK]*.*
%BACKUP-S-CREATED, created DISK$USER1:[DURANT.DSNLINK]DSNLINK030.A;1
%BACKUP-S-CREATED, created DISK$USER1:[DURANT.DSNLINK]DSNLINK030.B;1
%BACKUP-S-CREATED, created DISK$USER1:[DURANT.DSNLINK]DSNLINK030.C;1
%BACKUP-S-CREATED, created DISK$USER1:[DURANT.DSNLINK]DSNLINK030.D;1
%BACKUP-S-CREATED, created DISK$USER1:[DURANT.DSNLINK]DSNLINK030.E;1
%BACKUP-S-CREATED, created DISK$USER1:[DURANT.DSNLINK]DSNLINK030.S;1
Once you have completed these tasks, restore the documentation
save set (DSNLINK030.S), as described in the previous procedure,
print or display the DSNlink Version 3.0 for OpenVMS Instal-
lation Guide, and install DSNlink Version 3.0 using VMSINSTAL
according to the instructions in the guide.
Thank you for using DSNlink. For further assistance, please
contact your Customer Support Center.
DSNlink Program Office
Compaq Customer Support Center
_________
Copyright 1989, 2000, 2001 Compaq Computer Corporation.
Compaq, VAX, VMS, and the Compaq logo Registered in U.S. Patent
and Trademark Office. Alpha and OpenVMS are trademarks of Compaq
Information Technologies Group, L.P. in the United States and
other countries. All other product names mentioned herein may be
trademarks of their respective companies.
Compaq shall not be liable for technical or editorial errors or
omissions contained herein. The information in this document is
subject to change without notice.