The technical reason "why" is because it would be very difficult to do, would have adverse performance effects for the system, and there is not at this point a business case for providing it. So you're not going to get it just because you think it sounds nice (and even because it sounds "logical" to have it be part of the whole encryption ballgame). It would need to provide real business value.
Please keep in mind that encryption is not about verification. It is about hiding. Program signing is about verification. Program signing is available for PDSE load libraries (not file system directories) and some level of program signing is now available for PDS load libraries to accommodate the needs of Validated Boot for z/OS). FWIW, the validation of a program signature has an unavoidable adverse performance cost too. For some situations, that cost is worthwhile (ICSF has a hard requirement in this area). If you have a business need for program signature of file system directories (more than a "it would be very nice if"), then by all means make your needs known. It might well not happen without your input. Peter Relsonz/OS Core Technology Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
