I believe that's the idea.
Now with zERT being available, more encrypted workload types will get surfaced; 
will probably lead to adding more application/transport types being added under 
AT-TLS's capability.
Just speculation anyway..

What'll be interesting is if AT-TLS evolves to support mTLS (and the dynamic 
cert generation, renewal involved in it) for all the east-west traffic in 
new-age workload.
Starting with a "port" of Let's Encrypt for Z.
Don't know if any of these make sense, just a wild wishlist.

- KB

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, July 1, 2020 10:16 AM, Tom Brennan <t...@tombrennansoftware.com> 
wrote:

> Thanks KB... I think I got my basic question answered, which is that
> one thing AT-TLS was designed for is to encrypt data for TCP/IP programs
> that weren't originally written with encryption. In addition, it sounds
> like even programs that can do their own encryption (i.e. TN3270) can
> also use AT-TLS. If so, that's a smart plan - putting encryption
> processing in one bucket with one set of controls, and one spot to
> update when TLS1.x comes along.
>
> But if I'm wrong with any of the general notes above, please correct me.
>
> On 6/30/2020 9:16 PM, kekronbekron wrote:
>
> > Tom, check this out - https://www.youtube.com/watch?v=YKEzX70moOQ
> > I also got 200 hits for 'AT-TLS' after logging in to share.org; you might 
> > want to do the same to see which of those are the most useful to you.
> >
> > -   KB
> >
> > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > On Tuesday, June 30, 2020 10:27 PM, Tom Brennan t...@tombrennansoftware.com 
> > wrote:
> >
> > > I've tried to skim some of the AT-TLS doc, and even attended an IBM
> > > webinar last week, but I'm still missing what I imagine are important
> > > background points. Maybe someone here can explain things, but don't
> > > worry too much about it.
> > > Client and server programs like SSH/SSHD call programs such as OpenSSL
> > > to handle the encryption handshake and processing. So when you set
> > > those up, there is no AT-TLS needed for encryption. Same with the
> > > TN3270 server and client, as long as you set that up with keys and
> > > parameters on the host side, and settings on the client side.
> > > I'm thinking because of the name "Application Transparent" that AT-TLS
> > > was made for programs that DON'T have their own logic to call OpenSSL
> > > (or whatever) to do their own encryption. Let's use clear-text FTP as
> > > an example. So somehow, AT-TLS hooks into the processing and provides
> > > an encrypted "tunnel", kind of like VPN does, but only for that one
> > > application. Does that sound correct?
> > > If so, then the encryption is "transparent" to the FTP server code and
> > > FTP does not need to be changed, which I think is the whole idea here.
> > > Yet we now have an encrypted session. Does that sound correct?
> > > Then if so, what happens on the FTP client side? I certainly can't use
> > > the Windows FTP command, for example, because it's not setup for any
> > > kind of encryption. That's kind of my big question here.
> > > On 6/30/2020 1:44 AM, Lionel B Dyck wrote:
> > >
> > > > Sweet - thank you
> > > > Lionel B. Dyck <sdg><
> > > > Website: https://www.lbdsoftware.com
> > > > "Worry more about your character than your reputation. Character is 
> > > > what you are, reputation merely what others think you are." - John 
> > > > Wooden
> > > > -----Original Message-----
> > > > From: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU On Behalf 
> > > > Of kekronbekron
> > > > Sent: Tuesday, June 30, 2020 2:34 AM
> > > > To: IBM-MAIN@LISTSERV.UA.EDU
> > > > Subject: Re: AT-TLS ?
> > > > Hi LBD!,
> > > > Check these out-
> > > > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
> > > > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
> > > > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414
> > > >
> > > > -   KB
> > > >
> > > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > > > On Monday, June 29, 2020 3:56 AM, Lionel B Dyck lbd...@gmail.com wrote:
> > > >
> > > > > Anyone have any pointers for configuring AT-TLS on z/OS?
> > > > > Lionel B. Dyck <sdg><
> > > > > Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
> > > > > "Worry more about your character than your reputation. Character is
> > > > > what you are, reputation merely what others think you are." - John
> > > > > Wooden
> > > > > For IBM-MAIN subscribe / signoff / archive access instructions, send
> > > > > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> > > >
> > > > For IBM-MAIN subscribe / signoff / archive access instructions, send 
> > > > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> > > > For IBM-MAIN subscribe / signoff / archive access instructions,
> > > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> > >
> > > --
> > > For IBM-MAIN subscribe / signoff / archive access instructions,
> > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
>
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Reply via email to