M-I-C-K-E-Y M-O-U-S-E. Who remembers that song? -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Radoslaw Skorupka Sent: Friday, May 7, 2021 4:16 PM To: [email protected] Subject: Re: 3270 emulator / telnet with encryption
[External Email. Exercise caution when clicking links or opening attachments.] Poland: kicks for CICS C-P-A-C-F for CPACF (*) , (**) * Polish pronunciacion of letters. To start a war: we have consistent rules. Not like Cincinnati and car. ;-) Actually it's very similar to Latin. ** While CICS is rather not used very much on the streets, the CPACF is almost unknown even in among mainframers. I used to teach Introduction to ICSF and mainframe crypto HW. BTW: In the past I had to explain mainframe CE IBMers what is CCF and how to enable it. Fortunately I forbade to drop anything from mainframe add-ons and we found enablement diskette. It was valid for given serial number, so it wouldn't be nice to loose it. Old story. Few years later some CE performed checkout test on z800 and ...cleared all the master keys in CCF. Fortunately I had some procedures and backup copies... -- Radoslaw Skorupka (looking for new job) Lodz, Poland W dniu 07.05.2021 o 21:24, Eric D Rossman pisze: > I'm probably the odd one out, but I say "SEE-pack-eff" and "kicks" for > CPACF and CICS and I'm on the east coast of the US. > > And, yes, we (ICSF) do exploit the new z15 CPACF functions available > with > MSAE9 (Compute Digital Signature Authentication (KDSA)) for EC key > pair generation, digital signature generate/verify, and key agreement > for curves P-256, P-384, P-521, Ed25519, and Ed448. Since System SSL > calls us for those curves, they get the performance benefit as well. > > Eric Rossman, CISSP® > ICSF Cryptographic Security Development z/OS Enabling Technologies > [email protected] > > IBM Mainframe Discussion List <[email protected]> wrote on > 05/07/2021 12:57:01 PM: > >> From: Lennie Dymoke-Bradshaw > <[email protected]> >> Tom, >> >> CPACF is considered part of weaponry by the US government and so it >> has to be capable of being disabled for those countries where >> exportation of encryption is restricted by US Govt arms rules. This >> is why it has to be explicitly selected. >> >> CPACF is actually a pre-requisite for enabling a Crypto Express >> device. CPACF is used extensively in TLS. TLS uses clear key >> encryption for data transport and this is where the majority of >> encryption work is performed in TLS. However, I see the latest CPACF >> on Z15s have some new asymmetric functions, so maybe CPACF can be >> used in the TLS handshake as well now. >> >> Lennie Dymoke-Bradshaw >> >> -----Original Message----- >> From: IBM Mainframe Discussion List <[email protected]> On >> Behalf Of Tom Brennan >> Sent: 07 May 2021 16:55 >> To: [email protected] >> Subject: Re: 3270 emulator / telnet with encryption >> >> On 5/7/2021 6:19 AM, Phil Smith III wrote: >> >>> It's a reasonably safe bet that any machine today has CPACF; that >>> was not always true, of course. >> When IBM or a business partner configures a new machine, there's a >> checkmark for CPACF (zero charge), but it defaults to unchecked. So >> when ordering a new machine I'd suggest the customer ask to make sure >> that free feature code is supplied. >> >> If the machine comes with a crypto card, CPACF is automatically >> selected and required. No need to ask in that case. >> >> Side subject - so how do you pronounce CPACF? I always say each >> letter, but some IBM crypto folks say C-Pack-F > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN Confidentiality notice: This e-mail message, including any attachments, may contain legally privileged and/or confidential information. If you are not the intended recipient(s), or the employee or agent responsible for delivery of this message to the intended recipient(s), you are hereby notified that any dissemination, distribution, or copying of this e-mail message is strictly prohibited. If you have received this message in error, please immediately notify the sender and delete this e-mail message from your computer. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
