(I read the whole thread before starting this reply.)
Steve Estle wrote on 1/13/2024 8:28 AM:
[...]
My true reason for composing this is that we've discovered the inability to
encrypt load libraries - even in PDSE format.
[...]
I know this seems innocuous, but we'd like to encrypt as much as possible in
our environment and due to Top Secret deficiencies we have to encrypt at high
level qualifier level (HLQ) (all or nothing under each HLQ unfortunately).
Given we have load module libraries under many differ HLQ's this is posing
difficulties in moving forward with our rollout when an HLQ does have one or
more load module libraries as part of that HLQ. You can only imagine the pain
of renaming a load library given all the JCL, etc that is referencing that
library name.
So, you have poor naming conventions and a poor security system, and
you want IBM to make difficult changes which will potentially affect
all customers negatively?
2. If I were to submit an IBM idea, can I count on this community for some
backing here to help in upvoting such an idea submission?
I'd vote the highest value of "no".
An aside, since I didn't keep track of which comment mentioned this
(maybe it was on an old item cross-posted from RACF-L?). For those
concerned about ransomware, z/OS encryption of all data at rest means
that a ransomware hacker need only mess up the master key so that no
data sets can be decrypted. No need to waste time encrypting all
data, since it's already encrypted.
/Leonard
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
