On 7/22/21 3:17 PM, Paul Gilmartin wrote:
It lacks authentication and does not prevent MITM attacks:
I think we might be talking about two slightly, but distinctly, different scenarios.
I took the OP's statement to be talking about needing to move data from one LPAR / CEC on the left side of the room to another LPAR / CEC on the right side of the room. Wherein the room and the network are trusted; a la. internal company network.
What's more is I was anticipating the OP to be performing all of the steps. As such, the OP could validate that the public key copied from the destination system to the source system was in fact one in the same. Be it byte for byte comparison of hex output, or comparison of cryptographic hashes, or even IND$FILE transfers from the destination system to the source system via the common workstation / terminal emulator.
Aside: If the OP needs to do the transfer in conjunction with a fellow SYSOP from elsewhere in the world, they can get on the phone with each other (or use some other out of band communications method that they trust) to confirm public key.
Further aside: If the OP can't safely get a public copied between LPARs / CECs in a trusted network, then s/he has bigger problems. If interlopers are messing with such a transfer, ... that's a *LOT* bigger problem. Problems big enough that asking for help on a mailing list is quite likely not sufficient.
-- Grant. . . . unix || die ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
