Re: ICSF and z/OS 2.3

I'm afraid I can't help on that end. I'm an expert in the HSM (I've been developing them since the first IBM HSM started as a research project in the 1980s), but not in ICSF releases. Hopefully, someone else will know the answers to your questions.

Re: Connect:Direct and ICSF (was ICSF and z/OS 2.3)

W dniu 2019-01-23 o 17:57, Todd Arnold pisze: In particular, you don't get any of the financial crypto verbs without a Crypto Express. The standards do not allow banks to perform functions like those unless they are executed in a physically and logically secure crypto device. Yes, but financ

Re: Connect:Direct and ICSF (was ICSF and z/OS 2.3)

In particular, you don't get any of the financial crypto verbs without a Crypto Express. The standards do not allow banks to perform functions like those unless they are executed in a physically and logically secure crypto device.

Re: ICSF and z/OS 2.3

Thanks Todd, Please confirm: A0 was the first release where a card was not required for /dev/random (but ICSF was required to be started). If so, how was it done in ICSF? Your note only mentions how it was done if you had a card. On Wed, Jan 23, 2019 at 8:06 AM Todd Arnold wrote: > There ha

Re: ICSF and z/OS 2.3

There have been several changes over the years to improve performance of random number generation, but the important thing is that the random numbers were always generated using secure methods. As Greg mentioned, ICSF started using the CEX long ago to get random numbers, which were generated in

Re: ICSF and z/OS 2.3

Gary: Thanks for the pointer to OA55437, I was not aware of that APAR. It specifically says that /dev/random uses the TRNG (True Random Number Generator) which is implemented on the CPACF. Kirk: RNGCACHE was introduced with HCR77B0 (the first time I see it is in the ICSF SPG is SC14-7507-03)

Re: ICSF and z/OS 2.3

ers and MACs > > Regards, Gary > > > Sent from Mail for Windows 10 > > From: Kirk Wolf > Sent: Saturday, 19 January 2019 10:30 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: ICSF and z/OS 2.3 > > ICSF is currently required if you want to use the Unix /dev/random and

Re: ICSF and z/OS 2.3

, directly for certain ciphers and MACs Regards, Gary Sent from Mail for Windows 10 From: Kirk Wolf Sent: Saturday, 19 January 2019 10:30 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: ICSF and z/OS 2.3 ICSF is currently required if you want to use the Unix /dev/random and /dev/urandom devices. These

Re: ICSF and z/OS 2.3

I'm pretty sure that /dev/random has not required a card since ICSF HCR77A0. I believe that this was the release that introduced RNG caching. I'm not sure if I understand...you say that ICSF will "start making RNG calls to the CEX card" but later that "on current technology, the CEX does not pla

Re: ICSF and z/OS 2.3

I started to send you an offline note to ask about /dev/random ... First, the way I understood it, was that the really old /dev/random drivers generated random numbers in software, and it was really slow. Going back to the PCICC and PCIXCC cards, there was a RNG function on the card. I don't

Re: ICSF and z/OS 2.3

Greg - /dev/random use does require ICSF to be started, but is it affected (improved) by the presence of a crypto card? That was not my understanding, but I could be wrong. On Tue, Jan 22, 2019 at 7:27 AM Greg Boyd wrote: > There may have been changes to Connect Direct since the last time I w

Re: Connect:Direct and ICSF (was ICSF and z/OS 2.3)

ny > > > >-Original Message- >From: IBMaMainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On >Behalf Of Greg Boyd >Sent: Tuesday, January 22, 2019 8:27 AM >To: IBM-MAIN@LISTSERV.UA.EDU >Subject: Re: ICSF and z/OS 2.3 > >[[ SEI WARNING *** This

Re: Connect:Direct and ICSF (was ICSF and z/OS 2.3)

half Of Greg Boyd Sent: Tuesday, January 22, 2019 8:27 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: ICSF and z/OS 2.3 [[ SEI WARNING *** This email was sent from an external source. Do not open attachments or click on links from unknown or suspicious senders. *** ]] There may have been changes

Connect:Direct and ICSF (was ICSF and z/OS 2.3)

Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Greg Boyd Sent: Tuesday, January 22, 2019 8:27 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: ICSF and z/OS 2.3 [[ SEI WARNING *** This email was sent from an external source. Do not open

Re: ICSF and z/OS 2.3

There may have been changes to Connect Direct since the last time I worked with it, but I suspect ICSF is required if you want to leverage the hardware technology, and specifically the CEX cards. As Kirk points out, if you want to use the random number generation on hardware then you need ICSF

Re: ICSF and z/OS 2.3

Also it’s required for Connect Direct Sent from my iPhone Sorry for the finger checks > On Jan 18, 2019, at 17:29, Kirk Wolf wrote: > > ICSF is currently required if you want to use the Unix /dev/random and > /dev/urandom devices. > These might be required by Unix apps (or jobs/stcs that use z

Re: ICSF and z/OS 2.3

ICSF is currently required if you want to use the Unix /dev/random and /dev/urandom devices. These might be required by Unix apps (or jobs/stcs that use z/OS Unix System services). For exampe: IBM OpenSSH server will not work without ICSF and /dev/random available. On Fri, Jan 18, 2019 at 5:24 P

Re: ICSF and z/OS 2.3

ICSF is only required if you want to use the ICSF APIs, so it depends on what, if anything in your shop might be using the APIs. System SSL (TLS) will certainly leverage the APIs if you have Crypto Express cards available and that might provide some CPU relief. The Guardium Database Encryption

Re: ICSF and z/OS 2.3

Nope. The Actually dfHSM did not give a flying freep about the keys. It just wanted the ICSF task started. -Original Message- From: IBM Mainframe Discussion List On Behalf Of R.S. Sent: Friday, January 18, 2019 3:35 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: ICSF and z/OS 2.3 What

Re: ICSF and z/OS 2.3

, Allan Staller pisze: Yes. For certain fuinctions. Found out the hard way during 1 DR exercise. -Original Message- From: IBM Mainframe Discussion List On Behalf Of R.S. Sent: Friday, January 18, 2019 3:17 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: ICSF and z/OS 2.3 W dniu 2019-01-18 o

Re: ICSF and z/OS 2.3

Yes. For certain fuinctions. Found out the hard way during 1 DR exercise. -Original Message- From: IBM Mainframe Discussion List On Behalf Of R.S. Sent: Friday, January 18, 2019 3:17 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: ICSF and z/OS 2.3 W dniu 2019-01-18 o 19:21, Allan Staller

Re: ICSF and z/OS 2.3

W dniu 2019-01-18 o 19:21, Allan Staller pisze: AFAIK, no. However, ICSF is a pre-req for several other tasks (e.g. dfhsm) I believe it is in your best interest to install ICSF on all connected LPARs Is ICSF realy required by DFSMShsm? It's been very long time since I have ICSF up and working,

Re: ICSF and z/OS 2.3

...@sce.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Allan Staller Sent: Friday, January 18, 2019 10:22 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: ICSF and z/OS 2.3 AFAIK, no. However, ICSF is a pre-req for several

Re: ICSF and z/OS 2.3

-MAIN@LISTSERV.UA.EDU Subject: ICSF and z/OS 2.3 Hello all, Does anyone know if z/os 2.3 requires ICSF to be installed on each LPAR? Thanks, Mary Kay Large Systems Engineering IT Infrastructure Humana 123 E. Main St. 40202 (CT6) 502-476-2772 mtube...@humana.com<mailto:mtube...@humana.

ICSF and z/OS 2.3

Hello all, Does anyone know if z/os 2.3 requires ICSF to be installed on each LPAR? Thanks, Mary Kay Large Systems Engineering IT Infrastructure Humana 123 E. Main St. 40202 (CT6) 502-476-2772 mtube...@humana.com --