Thanks! This conversation really helped me understand. And Mike just
pointed out that not only are things headed to AT-TLS, but it may be the
ONLY way to encrypt in the near future.

On 7/1/2020 9:21 AM, Charles Mills wrote:
Tom, I believe you have nailed it exactly. Those are the two main drivers IMHO.
In addition, there is a *huge* problem (in general, not Z specifically) of poorly-written
programmatic "users" of TLS libraries. If you write a General Ledger program and the
ledgers don't cross-foot, the CFO tells you. If you write an "encrypted" communication
program and the encryption has a logical flaw, generally no one tells you. :-( Centralizing the use
of TLS, not just the TLS APIs, is a step toward addressing that problem.
https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Tom Brennan
Sent: Tuesday, June 30, 2020 9:46 PM
To: [email protected]
Subject: Re: AT-TLS ? Very Basic Questions
Thanks KB... I think I got my basic question answered, which is that
one thing AT-TLS was designed for is to encrypt data for TCP/IP programs
that weren't originally written with encryption. In addition, it sounds
like even programs that can do their own encryption (i.e. TN3270) can
also use AT-TLS. If so, that's a smart plan - putting encryption
processing in one bucket with one set of controls, and one spot to
update when TLS1.x comes along.
But if I'm wrong with any of the general notes above, please correct me.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN