PMFJI here and perhaps I misunderstand the requirement, but requiring ESF permission to compute a hash makes no sense to me, even from the POV of a paranoid liability attorney.
What possible technical justification is there (other than "the lawyers said we needed it") is there for such a requirement? What possible harm can a program computing a hash do that requires ESF permission? Unless this is computing a hash using a protected key rather than a clear key? I can sort of see permission needed to create or update a protected key in the CKDS, but why would permission be needed to just use it? Peter -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Pierre Fichaud Sent: Friday, October 23, 2020 12:17 PM To: [email protected] Subject: Re: CSNBHMG - ICSF EXTERNAL EMAIL Hi, CSNB* calls are DES CSND* calls are AES. If you are using CSNBHMG you need the DES master key to be set. And the label used in the call needs to be in the CKDS. And you need permissions defined in RACF. Regards, Pierre. -- This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
