tyvm, Tom

When you say crypto hardware is not necessary but preferred, do you mean we do not have to enable the cryptographic cards to turn on TLS?

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Tom Ambros
Sent: Tuesday, February 07, 2012 2:54 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: TLS, AT-TLS, Encryption Requirements

Make sure you understand the SERVAUTH EZB.INITSTACK.** requirements for things like OMPROUTE and use DELAYSTART if you're autologging things.

We're considering whether it is worth changing up parent-child relationships in SA because it can be disconcerting to see lots of ICH408I messages before Policy Agent installs the TLS policy. Once you see some of those you are obliged to inspect to make sure that whatever issued it was intelligent enough to recover, the smart thing is to stamp them all out in your sandbox first.

That's pretty much where we sit right now, we have questions about certain requirements with IKE and NSS which hold up our rollout so production experience is not to be had here yet.

I believe your emulator needs to be capable, my old Attachmate was not.

Encryption will run anywhere, but it's like what they ask you if you want to play baccarat. "Do you have a lot of money?" Crypto hardware not necessary but preferred.

In our case, we're playing around with automatic VPN tunneling because relying on products on a desktop to be capable is not always possible.

Thomas Ambros
Operating Systems and Connectivity Engineering
518-436-6433

From: "Henke, George" <george.he...@hp.com>
To: IBM-MAIN@bama.ua.edu
Date: 02/07/2012 14:32
Subject: TLS, AT-TLS, Encryption Requirements
Sent by: IBM Mainframe Discussion List <IBM-MAIN@bama.ua.edu>

Has anyone done this?

Besides coding TTLS in the TCPCONFIG statement in the TCPIP PROFILE does anything else, like enabling encryption cards, need to be done?

Also, is TLS downward compatible with older TN3270 emulators, like PROCOMM?

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN