By out of the CEC and back, I meant using the link out to the switch and back in to a different Lpar. It is available, but I have no reason to test it at this time. Even so, that link wouldn't put traffic very far out on the network to be sniffed if it was not TLS.
> -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On > Behalf Of Chris Mason > Sent: Sunday, June 29, 2008 4:52 PM > To: [email protected] > Subject: Re: TN3270 *from* a host?? > > Dave > > According to some nice diagrams on an IBM web page I have seen explaining > Hipersockets, to say "using the path out of the CEC and back" seems > inappropriate. I made sure of this because Patrick O'Keefe - also taking > an > interest in this thread - complained in an APPN newsgroup post that the > APPN > transmission group characteristics table entry covering HiperSockets > specified > UNSECURE - I know if the VTAM developers had a better appreciation of > negative prefixes in English they would have used the word INSECURE[1] - > rather than one of the other security code words available. > > It turns out nobody bothered about the full set of characteristics; they > concerned themselves only with the speed characteristic. Those who did > think > it through concluded that UNSECURE was incorrect - on two counts! > > I couldn't easily find the pretty picture I found before but this > reference > covers the point, specifically the initial text following the title > "HiperSockets": > > http://researchweb.watson.ibm.com/journal/rd/464/baskey.html > > [1] For what it's worth, the Google ration is 1:12 (in millions) in favour > of "insecure". > > Chris Mason > > On Thu, 26 Jun 2008 11:04:07 -0700, Gibney, Dave <[EMAIL PROTECTED]> > wrote: > > > Well, I'm already TLS from my workstation to the original logon of > >TSO, and then I at least am so far always using the Hipersocket > >connection, so I see no security lapse. I don't have any good reason to > >check it out using the path out of the CEC and back. > > It does seem strange though if TLS isn't supported as you say. > > > >-----Original Message----- > >From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On > >Behalf Of Richard Peurifoy > >Sent: Thursday, June 26, 2008 8:37 AM > >To: [email protected] > >Subject: Re: TN3270 *from* a host?? > > ... > > > >It should be mentioned that the telnet transparent mode > >under TSO does not support TLS. So if TLS encryption is > >required (as it is here) this won't work (at least as of > >z/OS 1.7). > > > >As for being written using the PASCAL API, so is the SMTP > >server. > > > >-- > >Richard > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
