controls to ICSF ciphering is useless. A program can directly use CPACF
instead of ICSF.
Even if CPACF would be unavailable, I don't think, that any function
should be restricted. We don't restrict READ, but we control a dataset
which can be read. Everyone can add, multiply, divide, etc. so why
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of R.S.
Sent: Sunday, September 10, 2006 11:35 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: ICSF with CPACF (was RE: Encrypting tape drives... anyone
considering field encryption?)
Jeffrey D
for clear DES key and CLRAES for clear AES key.
These are the only key forms usable by the CPACF interface in ICSF, and
they are not encrypted anywhere, either in storage or on the CKDS.
How about key IMPORT ? Could I keep the key in encrypted form and import
it from CKDS ?
Second thought: CKDS
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of R.S.
Sent: Thursday, September 07, 2006 1:22 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: ICSF with CPACF (was RE: Encrypting tape drives... anyone
considering field encryption?)
Jeffrey D
. With CPACF, there is no need to use ICSF. Thus, applying security
controls to ICSF ciphering is useless. A program can directly use CPACF
instead of ICSF.
I disagree on two points:
1. ICSF is surrounded by Process and Privilege (PP) to get keys into,
out of, share, etc.. If an application manages its
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Alan Altmark
Sent: Thursday, September 07, 2006 10:07 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: ICSF with CPACF
On Thursday, 09/07/2006 at 08:12 CST, Jeffrey D. Smith
[EMAIL PROTECTED
in the application
address space. If that's ok, with all that implies, fine. If that's not
ok, then he should get ICSF functioning again and call the CPACF-based
encryption routines. TDES and AES are available.
The ICSF book has a section on how to use CPACF with ICSF.
He can, of course, look
in cleartext in the application
address space. If that's ok, with all that implies, fine. If that's not
ok, then he should get ICSF functioning again and call the CPACF-based
encryption routines. TDES and AES are available.
The ICSF book has a section on how to use CPACF with ICSF.
He can, of course
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of R.S.
Sent: Wednesday, September 06, 2006 9:04 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: ICSF with CPACF (was RE: Encrypting tape drives... anyone
considering field encryption?)
Jeffrey D
9 matches
Mail list logo