On 03.10.2025 at 20:00, Steve Estle wrote:
Thanks all, what have you found to be the best sources of information for such 
architecting / reference / decisions / howto given we are not interested in encrypting 
"data at rest" (at least not now) and only interested in encryption over Comm 
Srvr controlled links.  Is it strictly Comm Server 3.1 Doc or do you have other 
documentation that you feel is essential?

You hit upon a key point on the asymmetric vs. symmetric key exchanges - not sure I 
understand why you say "go with TLS 1.3 - no reason not to"...  My 
understanding is some crypto algorithms are no longer valid in TLS 1.3 (in other words 
not a superset of TLS 1.2) but open to being educated on that?

Advice: do not reinvent the wheel.
Do you want to encrypt OSA/LAN/TCPIP traffic? Great! However...
a) you may find out it was solved already - that means there are ready-to-use features and parameters.
b) you may create your own solution with the protocols & algorithms of your choice. I would not recommend it.

Assuming a) as the only viable option (assuming you're not creating a new system product) you should use TLS. What level/version? It depends. It depends on the features on the other end of the LAN cable. For example, outdated PCOMM will not work with TLS 1.3.
Is TLS 1.3 better than 1.2? Obviously yes, from a security point of view.
Is TLS 1.2 insecure? Nobody said that. However TLS 1.1 can be considered as "secure enough" (which I agree), but it is officially not recommended. And that's important also. Legal aspect. Of course we can expect TLS 1.2 will be obsoleted earlier than 1.3, so go 1.3 if possible.

--
Radoslaw Skorupka
Lodz, Poland

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
