I'm probably the odd one out, but I say "SEE-pack-eff" and "kicks" for CPACF and CICS and I'm on the east coast of the US.
And, yes, we (ICSF) do exploit the new z15 CPACF functions available with MSAE9 (Compute Digital Signature Authentication (KDSA)) for EC key pair generation, digital signature generate/verify, and key agreement for curves P-256, P-384, P-521, Ed25519, and Ed448. Since System SSL calls us for those curves, they get the performance benefit as well. Eric Rossman, CISSP® ICSF Cryptographic Security Development z/OS Enabling Technologies [email protected] IBM Mainframe Discussion List <[email protected]> wrote on 05/07/2021 12:57:01 PM: > From: Lennie Dymoke-Bradshaw <[email protected]> > > Tom, > > CPACF is considered part of weaponry by the US government and so it > has to be capable of being disabled for those countries where > exportation of encryption is restricted by US Govt arms rules. This > is why it has to be explicitly selected. > > CPACF is actually a pre-requisite for enabling a Crypto Express > device. CPACF is used extensively in TLS. TLS uses clear key > encryption for data transport and this is where the majority of > encryption work is performed in TLS. However, I see the latest CPACF > on Z15s have some new asymmetric functions, so maybe CPACF can be > used in the TLS handshake as well now. > > Lennie Dymoke-Bradshaw > > -----Original Message----- > From: IBM Mainframe Discussion List <[email protected]> On > Behalf Of Tom Brennan > Sent: 07 May 2021 16:55 > To: [email protected] > Subject: Re: 3270 emulator / telnet with encryption > > On 5/7/2021 6:19 AM, Phil Smith III wrote: > > > It's a reasonably safe bet that any machine today has CPACF; that was > > not always true, of course. > > When IBM or a business partner configures a new machine, there's a > checkmark for CPACF (zero charge), but it defaults to unchecked. So > when ordering a new machine I'd suggest the customer ask to make > sure that free feature code is supplied. > > If the machine comes with a crypto card, CPACF is automatically > selected and required. No need to ask in that case. > > Side subject - so how do you pronounce CPACF? I always say each > letter, but some IBM crypto folks say C-Pack-F ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
