-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alan Altmark wrote: > > FWIW, there is exactly ONE requirement open for SSH on VM and it is for > inbound support of "ssh3270".
I can't comment about the effort involved in setting up an SSL server and cert database on z/VM. However in the unix world, I've set up and run both local SSL certificate authorities, SSL certified application networks (e.g. ldap client and server with certs on both sides), and obviously use SSH quite a lot in daily life. What I get out of all of this is that SSL is not meant for mere mortals. It's a certifiable pain to set up and maintain over time. Pun intended. :-) SSH, while it obviously trades some security, is convenient. It pretty much just works, with little or no admin intervention required. Ergo, I can understand people wanting "SSH" connections to z/VM. What they're really saying is they want a boost in security that is convenient to use and administer. Unfortunately, SSL may give the security, but only at considerable overhead. SSH is just the name of the service / product seen to give that desired trade off in other environments, and is thus the obvious name looked for. A classic case of specifying the solution instead of the problem? Yes. Also a classic case of a real need that is currently not easy to meet, though. - -- Pat -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAklJhf8ACgkQNObCqA8uBsyxlwCgkof5Jzdz00x5Tyo6wHAjoyZw cY8AnjoVJw9jNBsraXLrdERYXJWhlDl5 =39oX -----END PGP SIGNATURE-----
