Hi Steve, I think you responded to the wrong 'Ray'. The OP of the message was Ray Mrohs, and not me.
Thanks for the info anyway. HITACHI DATA SYSTEMS Raymond E. Noal Senior Technical Engineer Office: (408) 970 - 7978 -----Original Message----- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Steve Bireley Sent: Tuesday, October 16, 2007 12:18 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Secure file transfer options? Hi Ray, If you choose a Unix SSFTP client or some kind of SSL/TLS FTP Proxy, make sure it uses the FIPS certified cryptography. OpenSSL is open source and recently received FIPS 140-2 certification. By default, any product that uses OpenSSL, built per the NIST security policy, meets the federal government requirement for encryption software. OpenSSL can be built with our without FIPS. The vendor or open source project can tell you if their product is build with the FIPS certified version. One of the requirements of FIPS is that the user should be able to tell if they are running with FIPS enabled, so it should be readily apparent. Here is the home page for the NIST Cryptographic Module Validation Program. You can find information about certified cryptographic modules. http://csrc.nist.gov/groups/STM/cmvp/index.html Steve Bireley Vice-President Product Development BlueZone Software 1-404-364-1731 www.bluezonesoftware.com www.rocketsoftware.com -----Original Message----- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Mrohs, Ray Sent: Tuesday, October 16, 2007 10:58 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Secure file transfer options? Thanks for the tips Adam. Just for the record, The Secure FTP you suggested does work with 5.2 SSLSERV. Ray Mrohs U.S. Department of Justice 202-307-6896 > -----Original Message----- > From: The IBM z/VM Operating System > [mailto:[EMAIL PROTECTED] On Behalf Of Adam Thornton > Sent: Monday, October 15, 2007 4:53 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: Secure file transfer options? > > On Oct 15, 2007, at 3:17 PM, Mrohs, Ray wrote: > > > What are my options for encrypted file transfers between Solaris and > > z/VM 5.2? I have secure FTP running in VM, and a test using the > > FileZilla desktop client shows that it works. I'm not sure about > > Solaris > > yet, but the sftp client in Linux does not appear to work with VM's > > secure FTP. I'm suspecting that the Solaris results will be > the same. > > I'd rather not use z/Linux as a relay between Solaris and VM, but if > > it's the only option, I will. The other client that needs to work is > > F-Secure FTP in Windows. > > sftp is not what VM gives you. > > sftp is an ftp-like command stream layered atop the ssh protocol. > There is no native VM implementation of this, although we did > produce > an FTP-to-sftp broker a few years ago that did the trick > (admittedly, > transfers from the VM-hosted Linux guest to the VM system > itself were > in the clear, but all traffic on the actual wire outside the VM box > were encrypted). > > I've had pretty good luck with a product called "Secure FTP" from > Glub Tech. http://www.glub.com/products/secureftp/ > > I know it works with the z/VM 5.3 SSLSERV code in negotiated TLS > mode. I don't remember offhand whether it works with 5.2 in > implicit > mode; I suspect I tested it, but I don't remember the > results. There > certainly *are* a few FTP clients for Linux that *can* cope with > implicit SSL as provided by SSLSERV for the z/VM TCP/IP stack, and > they should be easily buildable for Solaris. > > Since Secure FTP is written in Java, it should work fine on Solaris. > > I don't know about F-Secure FTP. I have not tested it. > > Adam >
