There is a product called Distributed FileManager/MVS which I believe used
to have a Windows client (1997) but now only seems to support OS/2, AS400,
and AIX. For more info look at
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.idag200/d9069.htm
to see if this is what
Len Sasso wrote:
>I'm sorry, but I meant accessing, via a REST API, an external
>Website and downloading a file from the external site?
You could use either the z/OS Client Web Enablement Toolkit (for basic
function) or z/OS Connect Enterprise Edition (fuller function) to do that.
z/OS would then
I guess you would call that "issuing a certificate."
Certificates -- the entire certificate -- are signed. They include a public
key.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Andrew Rowley
Sent: Wednesday, April 4,
On 5/04/2018 1:01 PM, Charles Mills wrote:
Keys are not signed, at least not generally.
Messages may be signed; a process that involves two keys.
What do you call it then when I generate a key pair and submit the
public key to a CA, they perform some form of verification and return a
certifi
Three months may be the new normal. That is all that LetsEncrypt is doing.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Lester, Bob
Sent: Wednesday, April 4, 2018 4:29 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Security
> Whether the key itself is signed by a CA
Keys are not signed, at least not generally.
Messages may be signed; a process that involves two keys.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Andrew Rowley
Sent: Wednesday
Hi Folks,
As someone who is currently dealing with this - replacing unexpired
certificates (to the Digicert Intermediate/CA from the Symantec CA) for our F5s
and back-end servers, I can tell you that this is a pain in my butt. Can't
renew while replacing unless within 90 days of expirat
On Wed, 4 Apr 2018 15:57:02 -0700, Charles Mills wrote:
>> As for Certificate Authorities, quis custodiet ipsos custodes?
>
>Google LOL.
>https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html
>
How will that be removed from my Firefox? Routinely, with updates, or
will i
On Thu, 5 Apr 2018 08:56:04 +1000, Andrew Rowley wrote:
>... You trust your vendor implicitly by using their browser.
>>
>> THAT is what CA/Browser Forum (CAB) industry group is all about.
>Right, but I was just nitpicking the statement that a public key on a
>website doesn't require a CA.
>
>Whe
> As for Certificate Authorities, quis custodiet ipsos custodes?
Google LOL.
https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Paul Gilmartin
Sent
On 4/04/2018 11:02 PM, Alan Altmark wrote:
Because you accessed the web site via https://, causing the transmission of the
key to be encrypted and tamper-proof. Further, Charles' web site uses a
certificate published by a Certificate Authority that YOU trust. Or more
precisely, he uses a CA
On Wed, 4 Apr 2018 17:34:45 -0500, Walt Farrell wrote:
>
>Of course, you want a checksum method that is strong enough that an attacker
>can't create a modified file that will have the same checksum. SHA-1 is no
>longer strong enough to guarantee that, from what I've read. SHA-2 should be
>strong
On Wed, 4 Apr 2018 10:54:04 +1000, Andrew Rowley
wrote:
>On 4/04/2018 10:29 AM, Paul Gilmartin wrote:
>> So is a signature any more secure than an independently verifiable checksum,
>> or just more practical?
>If you get the checksum via a reliable channel I think it is as secure.
>The digital s
The doc says online, offline and both earlier in the doc.
Sent from my iPhone
> On Apr 4, 2018, at 3:42 PM, Pommier, Rex wrote:
>
> Actually I think an English major would disagree with your documentation
> assessment. 3-Either means if it is either online or offline, add it to the
> list, 3
Actually I think an English major would disagree with your documentation
assessment. 3-Either means if it is either online or offline, add it to the
list, 3-Both says it has to be both online and offline to get included. :-)
Rex
-Original Message-
From: IBM Mainframe Discussion List [
Thank you both for the historical perspective, and special thanks to Jim
for the additional up-to-date clarification - it now makes much more sense.
Best regards,
Dori
On Wed, Apr 4, 2018 at 8:44 PM, Jim Mulder wrote:
> SVC Assist has not been used since MVS/ESA SP3.1.0 (30 years ago),
> so
I have a program that reads VOLSERS for offline volumes. It works fine for
several flavors of VM and Z/OS, and returns the data in a few MS. But takes a
minute when issued to a device in a copy pair. If I issue it a second time, it
runs fast, so I suppose it could be coming from CACHE or some bi
Yep, that's what TLS does.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of R.S.
Sent: Wednesday, April 4, 2018 9:40 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Software Delivery on Tape to be Discontinued
W dniu 2018-04-04
No not a remote z/OS, but a distributed system. I.E. Intel and such.
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of R.S.
Sent: Wednesday, April 04, 2018 11:44 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: File access from remote system
SVC Assist has not been used since MVS/ESA SP3.1.0 (30 years ago),
so the SVCASF bit has had no meaning for 30 years. It is on in the
SVC 13 and SVC 26 entries because of some obsolete code in
IEAVNPS5, which should have been deleted. However, this causes
no harm, since the bit is not use
W dniu 2018-04-03 o 19:44, Ward, Mike S pisze:
Hello all, does anyone know of any software that allows access to VSAM, SEQ,
CICS files from remote systems. I.E. distributed systems. How is the access
done? Web service calls? MQ calls?
Remote z/OS ? ;-)))
Two free (built in) options:
* DFS/SM
W dniu 2018-04-04 o 17:34, Charles Mills pisze:
IBM sign the hash (in fact they sign whole serverpac)
I think the "whole serverpac" is effectively signed -- but the way that is done
is to sign the hash. There are security advantages too long a digression for this reply.
If you really want to
> IBM sign the hash (in fact they sign whole serverpac)
I think the "whole serverpac" is effectively signed -- but the way that is done
is to sign the hash. There are security advantages too long a digression for
this reply.
> If you really want to encrypt the content (ie. DVD files) then you h
"SVC Assist" is a facility that performed some common housekeeping operations
on behalf of the SVC - for example, copying the information
stored at the last SVC interruption into the current request block, saving
general registers, and loading the general registers with appropriate values.
It w
W dniu 2018-04-04 o 02:58, Andrew Rowley pisze:
On 4/04/2018 10:53 AM, Charles Mills wrote:
No, a digital signature does not require an authority.
I publish my public key on my Web site.
How do I verify that the key that I see browsing your website is
really yours and hasn't been e.g. substit
I'm sorry, but I meant accessing, via a REST API, an external Website and
downloading a file from the external site?
Thank You,
Len Sasso
System Administrator
Out-Of-The-Office:
TEAM: Together Everyone Achieves More
RDC - 327 Columbia TPKE, Rensselaer NY 12144-4400
t: +1.518.257.4209 | m: +1.51
Thanks, @Alan, I missed @Andrew's question (or rather, my SPAM filter missed
it for me).
Alan's answer is unquestionably the correct one -- and also, I think in the
earliest days of digital signatures, before the use of SSL/TLS browsing was
widespread, the idea was that my public key was "publ
Sasso, Len wrote:
Does it include the ability to access and download a file from a REST API site?
Yes. You can find it, read it, and write it, in fact (and much more).
Please see Table 273 on PDF p. 508 in IBM z/OS Management Facility
Programming Guide, here, for a list of what you can do wi
Does it include the ability to access and download a file from a REST API site?
Thank You,
Len Sasso
System Administrator
Out-Of-The-Office:
TEAM: Together Everyone Achieves More
RDC - 327 Columbia TPKE, Rensselaer NY 12144-4400
t: +1.518.257.4209 | m: +1.518.894.0879
len.sa...@csra.com | www.cs
On Wed, 4 Apr 2018 10:58:16 +1000, Andrew Rowley
wrote:
>How do I verify that the key that I see browsing your website is really
>yours and hasn't been e.g. substituted in transit? Key exchange is the
>hardest bit of cryptography.
Because you accessed the web site via https://, causing the trans
http://mzelden.com/mvsutilr.html#jobs
Lou
--
Artificial Intelligence is no match for Natural Stupidity
- Unknown
On Wed, Apr 4, 2018 at 7:20 AM, Tony Thigpen wrote:
> I have been tasked with bringing our mini recovery system to a more
> current level. It's 'way back there', it's actually pre
Tony,
I believe Mark Zelden website has lot of scripts for building mini systems.
Dan
Sent from Yahoo Mail for iPhone
On Wednesday, April 4, 2018, 9:20 AM, Tony Thigpen wrote:
I have been tasked with bringing our mini recovery system to a more
current level. It's 'way back there', it's actua
I have been tasked with bringing our mini recovery system to a more
current level. It's 'way back there', it's actually pre-z/OS.
Our current production system is z/OS 1.13.
Can anybody point me to a power-point or other document that I can use
as a guide for this process?
--
Tony Thigpen
-
Timothy Sipples wrote:
I probably should have also mentioned that z/OS Management Facility
(z/OSMF) provides REST APIs for such tasks as provisioning services,
submitting jobs, console interface services, and much more. z/OSMF is a no
additional charge feature in the base z/OS operating system, a
Andrew Rowley wrote:
On 3/04/2018 9:21 PM, John Eells wrote:
If you have a requirement for packages signed with strong algorithms,
please open an RFE.
Is the SMP/E package signed, or just checksummed? A stronger hash is no
real value if the hash itself can be substituted because it is not
cry
Hello,
Does anyone know the meaning of the SVCASF bit (x'01') of the SVCTP byte of
the SVC table?
If I am not mistaken, on our system (z/OS 2.2 ADCD) following the IPL this
bit is off for all SVC's except SVC 13 (ABEND, IEAVTRT2) and SVC 26 (LOCATE
/ CATALOG, IGG026DU). Also, I did not see an op
36 matches
Mail list logo
