What's going to happen is that IBM will not support SHA-2 (or -3) and every shop with any degree of security (hipaa, sox, dod, ...) will cease to be able to use the internet delivery option. Being told to create an RFE for something that is obvious is troubling and to be told that it doesn't matter is worse. This is not my first shop where auditors dictate a higher level of security than most think required but they are following guidelines from someone higher up that can't be argued with.
Somehow I don't think I'm the first to raise this nor will I be the last. -------------------------------------------------------------------------- Lionel B. Dyck --- Opinions expressed are my own and not my employer --- -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Phil Smith III Sent: Monday, May 16, 2016 10:48 AM To: [email protected] Subject: [EXTERNAL] Re: smp/e sha-2 support? Charles Mills wrote: >I suspect you've got a problem, however. There's a saying in sales >"when you >explain, you lose." I can hear auditors saying "SHA-1 -- no good -- security >exposure" and I would not want to be the one explaining what you say >below >to them. >Perhaps I underestimate IT auditors. I just know the "buzzword kneejerk" >problem. I reluctantly have to support this position (not because I don't generally agree with Charles, but because it flies in the face of reason). "Trouble is, sheep are very dim. Once they get an idea in their 'eads, there's no shiftin' it." Same applies to far too many auditors/QSAs/et al. SHA-1 is dead; "good enough" or not, there's no reason to use it any more, given that SHA-2 (and, hey, SHA-3!) exist, eh? .phsiii ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
