Alan

I had occasion recently to try to assist a colleague in understanding VTAM
cryptography. I'm not sure I really succeeded. I strenuously avoided reading
up on and teaching VTAM cryptography[1] and so, apart from the presence of
the operands which I always skipped over, it was new to me.

[1] I think my excuse to myself was that I didn't have the extra
products/software to check it out and, on balance, given all the other stuff
I had to talk about in the 2-week class, adding cryptography wasn't
justified.

I'm posting only because I wonder what you might have in mind by
"cross-domain" in addition to "LU-LU". My impression was that VTAM
cryptography was designed for the old "same-domain", application LU to
peripheral node LU, environment which would apply to the days when VTAM was
"no extra charge", that is, before it was a "program product".[2] Then
"cross-domain" came along and the way the pre-existing cryptography needed
to be managed required quite a bit of "jumping through hoops" in the then
new environment. That's why there's some emphasis on "cross-domain" in the
manual descriptions but it appears to still be all about LU-LU cryptography.
Of course, when going from "same-domain" to "cross-domain", there's the
additional need for application LU to application LU cryptography. Perhaps
that's what your "cross-domain" refers to.

[2] This, incidentally, backs up your eons.

The reason I was asked to help with VTAM cryptography was more an exercise
in understanding the manual. Finally it was decided that the manual author
had got lost in annotating a diagram. I don't blame him. It's tricky stuff -
but then it's all about foiling tricky people. <g>

Chris Mason

----- Original Message ----- 
From: "Alan Altmark" <[EMAIL PROTECTED]>
Newsgroups: bit.listserv.ibm-main
To: <[email protected]>
Sent: Thursday, 31 August, 2006 11:25 PM
Subject: Re: SNA crackable?


> On Thursday, 08/31/2006 at 09:32 EST, Jim Marshall <[EMAIL PROTECTED]>
> wrote:
> > Few people admit or recognize the exposures which exist using a SNA
> > network. Most of the SNA expertise is long gone and the networks are just
> > kept up with little understanding what could be done to secure things.
>
> Amen.  I have been amused for years at the focus on telnet security while
> the SNA network is just as busily flowing my clear-text LU2 data across
> the same WANs.  (My LAN sniffer pulls SNA frames as easily as IP frames.)
>
> VTAM has had cross-domain and LU-LU cryptography for eons, but do people
> use it?
>
> Alan Altmark
> z/VM Development
> IBM Endicott
