Tom, CPACF is considered part of weaponry by the US government and so it has to be capable of being disabled for those countries where exportation of encryption is restricted by US Govt arms rules. This is why it has to be explicitly selected.
CPACF is actually a pre-requisite for enabling a Crypto Express device. CPACF is used extensively in TLS. TLS uses clear key encryption for data transport and this is where the majority of encryption work is performed in TLS. However, I see the latest CPACF on Z15s have some new asymmetric functions, so maybe CPACF can be used in the TLS handshake as well now. Lennie Dymoke-Bradshaw https://rsclweb.com Consultant working on contract for BMC mainframe Services by RSM Partners ‘Dance like no one is watching. Encrypt like everyone is.’ -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Tom Brennan Sent: 07 May 2021 16:55 To: [email protected] Subject: Re: 3270 emulator / telnet with encryption On 5/7/2021 6:19 AM, Phil Smith III wrote: > It's a reasonably safe bet that any machine today has CPACF; that was > not always true, of course. When IBM or a business partner configures a new machine, there's a checkmark for CPACF (zero charge), but it defaults to unchecked. So when ordering a new machine I'd suggest the customer ask to make sure that free feature code is supplied. If the machine comes with a crypto card, CPACF is automatically selected and required. No need to ask in that case. Side subject - so how do you pronounce CPACF? I always say each letter, but some IBM crypto folks say C-Pack-F ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN This email has been scanned by BullGuard antivirus protection. For more info visit www.bullguard.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
