John S. Giltner, Jr. wrote:
Not sure why, but we have had problems ftp'ing certificates to import.
What we end up doing is cut'ing from the PC and pasting into the TSO.
I was just recenlty made aware of this, the security people new but did
not tell any of the networking people. Here the mainframe network
sysprogs do all truly network functions (firewalls, switches, routers).
I was told that it has something to do with trailing blanks on the end
of the lines. That ftp was adding them, and something did not like
them. I want to do some testing, I think that using recfm VB should
work but I have not tried it yet.
digital signatures are applied to data ... then the digital signature is
later verified to check that 1) no bits in the data have changed and 2)
authenticate the entity generating the digital signature
digital certificates are a specialized standards format that are
digitally signed. any bit change in the body of the digital certificate
will result in the verification of the certificate's digital signature
to fail (and treating the result as a bad digital certificate).
a similar but different issue that happened with the XML digital
signature standard was that the base XML wasn't defining a deterministic
encoding standard.
FSTC finally came up with FSML deterministic encoding standard for
(digitally signed) financial transactions. Part of the issue was that
standard encoding process results in quite a bit of payload bloat for
financial transactions. Their solution was to take a financial
transaction, encode it for digital signing and then transmit the
original unencoded financial transaction (rather than the bloated
encoded version) along with appended digital signature. The recipient
would then re-encode the transaction and verify the digital signature.
Unless all the encoding processes produced exactly the same bits ... the
digital signature verification would fail.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
