While I strongly believe there is a technical reason behind, it is NOT
the one described below.
Both PDSE and basic PS can be encrypted.
The requirement: SMS-managed.
--
Radoslaw Skorupka
Lodz, Poland
W dniu 14.01.2024 o 06:50, Attila Fogarasi pisze:
It is indeed a technical reason: PDS and PDSE datasets cannot be
Extended-Format. Pervasive Encryption requires Extended-Format. The
restrictions on Extended-Format have been problematic for the past decade,
so presumably not easy to fix. A few other dataset types are also affected
(such as Direct).
Your problem is more with the use of HLQ to designate Pervasive Encryption,
that is maybe much easier to fix (at a guess).
On Sun, Jan 14, 2024 at 3:29 AM Steve Estle<sest...@gmail.com> wrote:
Everyone,
Our team is knee deep into pervasive encryption rollout on ZOS 2.5 and
despite the fact such functionality has been out for years by IBM to do
this, it is quite surprising how many software vendors when you contact
them they have no clue what you're talking about - that is a complete aside
- I'm not going to name vendors here but if you want some examples you can
contact me offline.
My true reason for composing this is that we've discovered the inability
to encrypt load libraries - even in PDSE format. I've yet to get a
straight answer from IBM on why this is?... Is this a "giant" technical
hurdle for IBM? Or is it just cause there hasn't been anyone who raised
the need yet? If the latter does this capability interest others here if I
were to raise as an IBM idea - would you vote for it?
I know this seems innocuous, but we'd like to encrypt as much as possible
in our environment and due to Top Secret deficiencies we have to encrypt at
high level qualifier level (HLQ) (all or nothing under each HLQ
unfortunately). Given we have load module libraries under many differ
HLQ's this is posing difficulties in moving forward with our rollout when
an HLQ does have one or more load module libraries as part of that HLQ.
You can only imagine the pain of renaming a load library given all the JCL,
etc that is referencing that library name.
Also, while encrypting load module libraries might seem a little far
fetched, there are of course many malicious viruses that have been launched
by injecting code into a suspecting piece of code.
So two questions:
1. Why has IBM not already provided such functionality - can anyone speak
to the technical hurdles to provide?
2. If I were to submit an IBM idea, can I count on this community for some
backing here to help in upvoting such an idea submission?
Thanks for your indulgence,
Steve Estle
sest...@gmail.com
Peraton systems programmer
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
