1.
Restrictions for encrypted data sets
-
System data sets (such as Catalogs, SMS control data sets, SHCDS, HSM
data sets) must not be encrypted, unless otherwise specified in
product documentation.
-
Data sets used during IPL must not be encrypted.
Page 5
https://www-40.ibm.com/servers/resourcelink/svc00100.nsf/pages/zOSV2R5izsp100/$file/izsp100_v2r5.pdf
Joe
On Sat, Jan 13, 2024 at 11:06 AM Radoslaw Skorupka <
00000471ebeac275-dmarc-requ...@listserv.ua.edu> wrote:
> I can imagine technical reason to not encrypt such libraries.
> However encryption is a kind of data protection. Data. Not programs.
>
>
> --
> Radoslaw Skorupka
> Lodz, Poland
>
>
>
>
> W dniu 13.01.2024 o 17:28, Steve Estle pisze:
> > Everyone,
> >
> > Our team is knee deep into pervasive encryption rollout on ZOS 2.5 and
> despite the fact such functionality has been out for years by IBM to do
> this, it is quite surprising how many software vendors when you contact
> them they have no clue what you're talking about - that is a complete aside
> - I'm not going to name vendors here but if you want some examples you can
> contact me offline.
> >
> > My true reason for composing this is that we've discovered the inability
> to encrypt load libraries - even in PDSE format. I've yet to get a
> straight answer from IBM on why this is?... Is this a "giant" technical
> hurdle for IBM? Or is it just cause there hasn't been anyone who raised
> the need yet? If the latter does this capability interest others here if I
> were to raise as an IBM idea - would you vote for it?
> >
> > I know this seems innocuous, but we'd like to encrypt as much as
> possible in our environment and due to Top Secret deficiencies we have to
> encrypt at high level qualifier level (HLQ) (all or nothing under each HLQ
> unfortunately). Given we have load module libraries under many differ
> HLQ's this is posing difficulties in moving forward with our rollout when
> an HLQ does have one or more load module libraries as part of that HLQ.
> You can only imagine the pain of renaming a load library given all the JCL,
> etc that is referencing that library name.
> >
> > Also, while encrypting load module libraries might seem a little far
> fetched, there are of course many malicious viruses that have been launched
> by injecting code into a suspecting piece of code.
> >
> > So two questions:
> >
> > 1. Why has IBM not already provided such functionality - can anyone
> speak to the technical hurdles to provide?
> > 2. If I were to submit an IBM idea, can I count on this community for
> some backing here to help in upvoting such an idea submission?
> >
> > Thanks for your indulgence,
> >
> > Steve Estle
> > sest...@gmail.com
> > Peraton systems programmer
> >
> > ----------------------------------------------------------------------
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
