SSL FTPing via crypto processor

2012-04-12 Thread Tsai Laurence 
Dear listers, 
as the subject ,  a couple of questions to be clarified .
from z10+ , with z/OS V1.11+
1) I know z/OS FTP client support SSL/TLS ,  But no idea whether the 
transferred data encrypted via HW crypto (CPACF) ?
2) If yes , what kind of key , symemtric key ? asymmestric key ?
3) is it signifcant CPU overhead comparing with none SSL ftping ?

regards,
Laurence

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: SSL FTPing via crypto processor

2012-04-12 Thread Staller, Allan 
1) If CPACF is available, I believe it will be used
2) IIRC, TLS uses symmetric key
3) Encryption generally incurs fairly significant overhead. IIRC, TCPIP
will offload this work to a  zIIP if available.

HTH, 

snip
as the subject ,  a couple of questions to be clarified .
from z10+ , with z/OS V1.11+
1) I know z/OS FTP client support SSL/TLS ,  But no idea whether the
transferred data encrypted via HW crypto (CPACF) ?
2) If yes , what kind of key , symemtric key ? asymmestric key ?
3) is it signifcant CPU overhead comparing with none SSL ftping ?
/snip

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: SSL FTPing via crypto processor

2012-04-12 Thread Rob Schramm 
Just take the time to read thru Lin Overby's SHARE presentation on
TCPIP and Cryptography.  It is excellent.

http://mobile.share.org/client_files/SHARE_in__Seattle/S3346LO213235.pdf

And it will answer all of your questions.

Rob Schramm
Senior Systems Consultant
Imperium Group



On Thu, Apr 12, 2012 at 9:04 AM, Staller, Allan allan.stal...@kbmg.com wrote:
 1) If CPACF is available, I believe it will be used
 2) IIRC, TLS uses symmetric key
 3) Encryption generally incurs fairly significant overhead. IIRC, TCPIP
 will offload this work to a  zIIP if available.

 HTH,

 snip
 as the subject ,  a couple of questions to be clarified .
 from z10+ , with z/OS V1.11+
 1) I know z/OS FTP client support SSL/TLS ,  But no idea whether the
 transferred data encrypted via HW crypto (CPACF) ?
 2) If yes , what kind of key , symemtric key ? asymmestric key ?
 3) is it signifcant CPU overhead comparing with none SSL ftping ?
 /snip

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: SSL FTPing via crypto processor

2012-04-12 Thread R.S. 

W dniu 2012-04-12 12:23, Tsai Laurence pisze:

Dear listers,
as the subject ,  a couple of questions to be clarified .
from z10+ , with z/OS V1.11+
1) I know z/OS FTP client support SSL/TLS ,  But no idea whether the 
transferred data encrypted via HW crypto (CPACF) ?
2) If yes , what kind of key , symemtric key ? asymmestric key ?
3) is it signifcant CPU overhead comparing with none SSL ftping ?


1) CPACF can be used when present. It's not used for every single crypto 
function.
2) SSL/TLS is a mix of encryption methods. During the handshake process 
assymetric algorithms are used, then some symmetric key is exchanged and 
main session (= vast majority of data) is encrypted using symmetric 
cryptography.

3. It depends. :-)

--
Radoslaw Skorupka
Lodz, Poland





--
Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku 
przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie 
jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem 
niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania 
adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie 
lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by 
karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie 
zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo 
wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku.

This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorised to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. 


BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, fax 
+48 (22) 829 00 33, www.brebank.pl, e-mail: i...@brebank.pl
Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237, NIP: 526-021-50-88. 
Wedug stanu na dzie 01.01.2012 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.410.984 zotych.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN