Re: HTTPS for PDUU

2019-06-07 Thread Jesse 1 Robinson 
The simplest description I've found is referenced in the APAR text:

http://publibz.boulder.ibm.com/zoslib/pdf/OA55959.pdf

As I understand it, PDUU was designed to give the customer a standard 
*supported* mechanism for uploading SR doc to IBM. The original implementation 
used FTP, which is notoriously insecure. We are in a (unique?) bind because we 
send *and* receive data from IBM using an appliance (Bluecoat) that does not 
now and presumably never will support TLS (FTPS) keywords. We have used HTTPS 
for some time to pull fixes and other data from IBM, but PDUU could utilize 
only FTP. Until now. 

I don't know whether or how this change impinges on any other doc-sending 
mechanism. 

.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler 
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
robin...@sce.com

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Jousma, David
Sent: Friday, June 7, 2019 12:32 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: HTTPS for PDUU

I think you mean z/OSMF, and even when fully implemented, we won't be allowing 
direct access to upload dumps from the mainframe without some manual 
intervention at least.   I looked at that briefly awhile back, and sadly we are 
still way behind getting security setup correctly.   

It is good news that PDUU works now with https, but day late, dollar short.  We 
bit the bullet and got ATTLS security working between us and IBM when the new 
requirements for security came out for the GDPR requirements.

_
Dave Jousma
AVP | Manager, Systems Engineering  

Fifth Third Bank  |  1830 East Paris Ave, SE  |  MD RSCB2H  |  Grand Rapids, MI 
49546
616.653.8429  |  fax: 616.653.2717


-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Lizette Koehler
Sent: Friday, June 7, 2019 2:57 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: HTTPS for PDUU

**CAUTION EXTERNAL EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected 
emails**

So I thought IBM would want us to use z/OSEM?

Is that still the plan?  Or is this a different function


Lizette


> -Original Message-
> From: IBM Mainframe Discussion List  On 
> Behalf Of Jesse 1 Robinson
> Sent: Thursday, June 06, 2019 4:12 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: HTTPS for PDUU
> 
> Until now, IBM's new/future customer doc upload mechanism PDUU could 
> make use only of FTP, which is deprecated in general as insecure.
> Newly available APAR
> OA55959 introduces the option to use HTTPS. We already use HTTPS to 
> pull fixes from IBM, so it's a tried and true-and secure-protocol 
> readily available to (I think) most customers. Check it out.
> 
> .
> .
> J.O.Skip Robinson
> Southern California Edison Company
> Electric Dragon Team Paddler
> SHARE MVS Program Co-Manager
> 323-715-0595 Mobile
> 626-543-6132 Office <= NEW
> robin...@sce.com<mailto:robin...@sce.com>
> 

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN **CAUTION EXTERNAL 
EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected 
emails**


This e-mail transmission contains information that is confidential and may be 
privileged.   It is intended only for the addressee(s) named above. If you 
receive this e-mail in error, please do not read, copy or disseminate it in any 
manner. If you are not the intended recipient, any disclosure, copying, 
distribution or use of the contents of this information is prohibited. Please 
reply to the message immediately by informing the sender that the message was 
misdirected. After replying, please erase it from your computer system. Your 
assistance in correcting this error is appreciated.

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: HTTPS for PDUU

2019-06-07 Thread Jousma, David 
I think you mean z/OSMF, and even when fully implemented, we won't be allowing 
direct access to upload dumps from the mainframe without some manual 
intervention at least.   I looked at that briefly awhile back, and sadly we are 
still way behind getting security setup correctly.   

It is good news that PDUU works now with https, but day late, dollar short.  We 
bit the bullet and got ATTLS security working between us and IBM when the new 
requirements for security came out for the GDPR requirements.

_
Dave Jousma
AVP | Manager, Systems Engineering  

Fifth Third Bank  |  1830 East Paris Ave, SE  |  MD RSCB2H  |  Grand Rapids, MI 
49546
616.653.8429  |  fax: 616.653.2717


-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Lizette Koehler
Sent: Friday, June 7, 2019 2:57 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: HTTPS for PDUU

**CAUTION EXTERNAL EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected 
emails**

So I thought IBM would want us to use z/OSEM?

Is that still the plan?  Or is this a different function


Lizette


> -Original Message-
> From: IBM Mainframe Discussion List  On 
> Behalf Of Jesse 1 Robinson
> Sent: Thursday, June 06, 2019 4:12 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: HTTPS for PDUU
> 
> Until now, IBM's new/future customer doc upload mechanism PDUU could 
> make use only of FTP, which is deprecated in general as insecure. 
> Newly available APAR
> OA55959 introduces the option to use HTTPS. We already use HTTPS to 
> pull fixes from IBM, so it's a tried and true-and secure-protocol 
> readily available to (I think) most customers. Check it out.
> 
> .
> .
> J.O.Skip Robinson
> Southern California Edison Company
> Electric Dragon Team Paddler
> SHARE MVS Program Co-Manager
> 323-715-0595 Mobile
> 626-543-6132 Office <= NEW
> robin...@sce.com<mailto:robin...@sce.com>
> 

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN **CAUTION EXTERNAL 
EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected 
emails**


This e-mail transmission contains information that is confidential and may be 
privileged.   It is intended only for the addressee(s) named above. If you 
receive this e-mail in error, please do not read, copy or disseminate it in any 
manner. If you are not the intended recipient, any disclosure, copying, 
distribution or use of the contents of this information is prohibited. Please 
reply to the message immediately by informing the sender that the message was 
misdirected. After replying, please erase it from your computer system. Your 
assistance in correcting this error is appreciated.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: HTTPS for PDUU

2019-06-07 Thread Lizette Koehler 
So I thought IBM would want us to use z/OSEM?

Is that still the plan?  Or is this a different function


Lizette


> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf Of
> Jesse 1 Robinson
> Sent: Thursday, June 06, 2019 4:12 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: HTTPS for PDUU
> 
> Until now, IBM's new/future customer doc upload mechanism PDUU could make use
> only of FTP, which is deprecated in general as insecure. Newly available APAR
> OA55959 introduces the option to use HTTPS. We already use HTTPS to pull
> fixes from IBM, so it's a tried and true-and secure-protocol readily
> available to (I think) most customers. Check it out.
> 
> .
> .
> J.O.Skip Robinson
> Southern California Edison Company
> Electric Dragon Team Paddler
> SHARE MVS Program Co-Manager
> 323-715-0595 Mobile
> 626-543-6132 Office <= NEW
> robin...@sce.com
> 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN