I believe that's the idea. Now with zERT being available, more encrypted workload types will get surfaced; will probably lead to adding more application/transport types being added under AT-TLS's capability. Just speculation anyway..
What'll be interesting is if AT-TLS evolves to support mTLS (and the dynamic cert generation, renewal involved in it) for all the east-west traffic in new-age workload. Starting with a "port" of Let's Encrypt for Z. Don't know if any of these make sense, just a wild wishlist. - KB ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, July 1, 2020 10:16 AM, Tom Brennan <[email protected]> wrote: > Thanks KB... I think I got my basic question answered, which is that > one thing AT-TLS was designed for is to encrypt data for TCP/IP programs > that weren't originally written with encryption. In addition, it sounds > like even programs that can do their own encryption (i.e. TN3270) can > also use AT-TLS. If so, that's a smart plan - putting encryption > processing in one bucket with one set of controls, and one spot to > update when TLS1.x comes along. > > But if I'm wrong with any of the general notes above, please correct me. > > On 6/30/2020 9:16 PM, kekronbekron wrote: > > > Tom, check this out - https://www.youtube.com/watch?v=YKEzX70moOQ > > I also got 200 hits for 'AT-TLS' after logging in to share.org; you might > > want to do the same to see which of those are the most useful to you. > > > > - KB > > > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > > On Tuesday, June 30, 2020 10:27 PM, Tom Brennan [email protected] > > wrote: > > > > > I've tried to skim some of the AT-TLS doc, and even attended an IBM > > > webinar last week, but I'm still missing what I imagine are important > > > background points. Maybe someone here can explain things, but don't > > > worry too much about it. > > > Client and server programs like SSH/SSHD call programs such as OpenSSL > > > to handle the encryption handshake and processing. So when you set > > > those up, there is no AT-TLS needed for encryption. Same with the > > > TN3270 server and client, as long as you set that up with keys and > > > parameters on the host side, and settings on the client side. > > > I'm thinking because of the name "Application Transparent" that AT-TLS > > > was made for programs that DON'T have their own logic to call OpenSSL > > > (or whatever) to do their own encryption. Let's use clear-text FTP as > > > an example. So somehow, AT-TLS hooks into the processing and provides > > > an encrypted "tunnel", kind of like VPN does, but only for that one > > > application. Does that sound correct? > > > If so, then the encryption is "transparent" to the FTP server code and > > > FTP does not need to be changed, which I think is the whole idea here. > > > Yet we now have an encrypted session. Does that sound correct? > > > Then if so, what happens on the FTP client side? I certainly can't use > > > the Windows FTP command, for example, because it's not setup for any > > > kind of encryption. That's kind of my big question here. > > > On 6/30/2020 1:44 AM, Lionel B Dyck wrote: > > > > > > > Sweet - thank you > > > > Lionel B. Dyck <sdg>< > > > > Website: https://www.lbdsoftware.com > > > > "Worry more about your character than your reputation. Character is > > > > what you are, reputation merely what others think you are." - John > > > > Wooden > > > > -----Original Message----- > > > > From: IBM Mainframe Discussion List [email protected] On Behalf > > > > Of kekronbekron > > > > Sent: Tuesday, June 30, 2020 2:34 AM > > > > To: [email protected] > > > > Subject: Re: AT-TLS ? > > > > Hi LBD!, > > > > Check these out- > > > > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416 > > > > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415 > > > > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414 > > > > > > > > - KB > > > > > > > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > > > > On Monday, June 29, 2020 3:56 AM, Lionel B Dyck [email protected] wrote: > > > > > > > > > Anyone have any pointers for configuring AT-TLS on z/OS? > > > > > Lionel B. Dyck <sdg>< > > > > > Website: https://www.lbdsoftware.com https://www.lbdsoftware.com > > > > > "Worry more about your character than your reputation. Character is > > > > > what you are, reputation merely what others think you are." - John > > > > > Wooden > > > > > For IBM-MAIN subscribe / signoff / archive access instructions, send > > > > > email to [email protected] with the message: INFO IBM-MAIN > > > > > > > > For IBM-MAIN subscribe / signoff / archive access instructions, send > > > > email to [email protected] with the message: INFO IBM-MAIN > > > > For IBM-MAIN subscribe / signoff / archive access instructions, > > > > send email to [email protected] with the message: INFO IBM-MAIN > > > > > > -- > > > For IBM-MAIN subscribe / signoff / archive access instructions, > > > send email to [email protected] with the message: INFO IBM-MAIN > > > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > -- > > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
