Ah, ok, thanks. Makes sense. So in previous versions, what was there? Doesn't
matter, just curious. Looked kinda like a PSW, not necessarily.
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Peter Relson
Sent: Thursday, July 4, 2024 8:15 AM
To:
Without starting/escalating a war here, may I ask about this:
>ooRexx would be a terrible language for automation because automation
>loses control of storage management. Those oop features come at a
>cost. If your product isn't essential then ooRexx is fine but can be a
>huge problem for system
Peter Relson wrote:
>The code is checking 7 bytes at location x'6B' through x'71'.
>As of z/OS 2.5 that area is all zeroes.
>Prior to z/OS 2.5 for any z/Architecture IPL it is not. The same is
>true for location 0 and others.
>Since none of them are programming interfaces (such that changing the
Mainframe Discussion List On Behalf Of Ed
Jaffe
Sent: Wednesday, July 3, 2024 9:59 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: What's at a comma?
On 7/2/2024 3:20 PM, Phil Smith III wrote:
> It would indeed. But I'm astonished that the IPL PSW is zeroes?! Perhaps some
> IBMer can e
Schmitt, Michael wrote:
>The REXX code displays:
>
>
>Which would explain why it isn't branching.
>We were on z/OS 2.4 before.
It would indeed. But I'm astonished that the IPL PSW is zeroes?! Perhaps some
IBMer can explain that. And maybe someone else on 2.5
I don't think "breaks this code" is fair. More like "This code is now equally
broken but no longer randomly 'works' quite as often".
In any case, x'6B' is in the middle of:
FLCER018 DSCL104 FLCE 18x: reserved
...which starts at location x'18'.
On my 2.4 system, that's all zeroes.
"roooRexx" -- ruh roh, Scooby Dooo!
(sorry, couldn't resist)
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Paul Gilmartin
Sent: Tuesday, July 2, 2024 1:55 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Rexx is quite cool, flexible, powerful, feature-rich, thank
t; ____
> From: IBM Mainframe Discussion List on
> behalf of Phil Smith III
> Sent: Monday, July 1, 2024 2:45 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Rexx is quite cool, flexible, powerful, feature-rich,
> thank you! (Re: z/OS 3.1 E
Paul Gilmartin wrote:
>Lack of closure: I don't believe a function package, much less a
>command environment can be coded in REXX. those must be coded in
>another language, therefore less portable.
Well, that's a good point. OORexx makes that somewhat better, but not like P/P.
But I could
I've long maintained that Rexx's (arguable) failure (I'm a huge fan, so I
resist that term, but the popularity of first Perl and now Python kind of make
it true) is due to two things:
1) It's IBM and too many folks therefore concluded it must be bad.
2) There were few decent/public examples of
: Re: As a long-time Rexx programmer
On Thu, 13 Jun 2024 14:40:05 -0400, Phil Smith III wrote:
>...am I the only one who SMH at the documentation for things like
>ISFEXEC
>(https://www.ibm.com/docs/en/zos/2.4.0?topic=language-issuing-commands-isfexec
>)?
> It reads like it was wri
*you're. I'm tired.
-Original Message-
From: Phil Smith III
Sent: Saturday, June 29, 2024 10:48 PM
To: 'IBM Mainframe Discussion List'
Subject: RE: z/OS 3.1 Enhancements & Support News
Ed,
I'm honestly unsure what point your making here. That sounds pissy and I don't
Ed,
I'm honestly unsure what point your making here. That sounds pissy and I don't
mean it to be--just honestly confused?
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
EDWARD GOULD
Sent: Saturday, June 29, 2024 7:56 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re:
SWAG but have you tried a trailing semicolon? Or quotes around the value? I
found an example on the web for another product:
ENVAR C='X Y'
...which sorta suggests that the quotes might work. Might try both flavors of
quote, too.
-Original Message-
From: IBM Mainframe Discussion List On
a set, and I was looking at the main
one. My bad. But customer sent the entire thing from SPOOL and now that I know
what to look for, I see it in hers. And I'll figure out why this output is
separate and fix that.
-Original Message-
From: Phil Smith III
Sent: Friday, June 21, 2024 6:12 P
(Cross-posted to IBMTCP-L and IBM-MAIN)
Had an odd one this morning: a customer who was doing some testing could not
connect to our server (on premises at their site) from z/OS (server is an x86
Linux machine). I saw the email when I woke up and thought "OK, gsktrace to the
rescue!"
But by
dyck>
System Z Enthusiasts Discord: https://discord.gg/sze<https://discord.gg/sze>
“Worry more about your character than your reputation. Character is what you
are, reputation merely what others think you are.” - - - John Wooden
-Original Message-
From: IBM Mainframe Discussion
...am I the only one who SMH at the documentation for things like ISFEXEC
(https://www.ibm.com/docs/en/zos/2.4.0?topic=language-issuing-commands-isfexec)?
It reads like it was written by someone who doesn't quite understand how
variables/literals work in Rexx:
--
You issue commands with the
Nice. Sounds like CMS MODMAP, kinda.
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of Sam
Golob
Sent: Wednesday, June 5, 2024 8:35 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: A new way to look at load modules
Dear Folks,
We have a new TSO command called LISTMOD,
uot;upgrade by cutting a wire" soonish.
Not mainframe, but kinda related. And your fault for making me think of it.
*:-)*
-- R; <><
On 5/31/24 9:49 AM, Phil Smith III wrote:
> I remember hearing that some Amdahl 370 clone was upgradable by cutting a
> wire. Anyone else ev
Heh. In a similar vein, in June 1996 I spent a fun-filled week onsite at a New
York insurance company overseeing testing of a custom program written by some
Israeli contractors.
The project used five rented PCs. I get there and start setting up: one of the
PCs won't connect to the network.
I remember hearing that some Amdahl 370 clone was upgradable by cutting a wire.
Anyone else ever hear this? Can't find a cite on the web.
Just curiosity, no real point to this...! (But it is Friday.)
--
For IBM-MAIN subscribe /
And just to make you laugh/groan/cry, from a book I read last night (fiction),
someone commenting on an encoded transmission:
"I'm pretty sure it's eight-bit ASCII, also known as UTF-8"
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Tony Harminc
Sent: Tuesday, May
Well, thanks. This has been interesting, with at least the typical amount of
thread drift!
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
I'm curious whether any of you old-timers can explain why we have both VTOCs
and catalogs. I'm guessing it comes down to (a) VTOCs
came first and catalogs were added to solve some problem (what?) and/or (b)
catalogs were added to save some I/O and/or memory, back
when a bit of those mattered.
Thanks for the clarification!
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Tony Harminc
Sent: Saturday, May 11, 2024 9:11 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [EXTERNAL] Re: JOB card format
On Thu, 9 May 2024 at 15:01, Phil Smith III wrote
I've said this here before, but it bears repeating: although I'd be the first
to agree that this sounds stupid/basic, make sure they know NOT to turn it on
Just Because. We've had two customers who decided it would increase security,
so they enabled it--for a connection that was already using
GMTA!
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Mike Schwab
Sent: Thursday, May 9, 2024 2:57 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [EXTERNAL] Re: JOB card format
357912 so 5x the 64k limit.
* 60 = 2,1474,720 seconds.
About 1/1000 of a 2GB limit if .001
Rex Pommier wrote, in part:
>So how did they come up with this one? From the JCL reference manual:
>minutes
>Specifies the maximum number of minutes the step can use the processor.
>Minutes must be a >number from 0 through 357912 (248.55 days).
>357912 minutes? My brain isn't coming up with a
pported by, and do not necessarily express or reflect, the views,
positions or strategies of my employer.
From: IBM Mainframe Discussion List On Behalf Of
Phil Smith III
Sent: Wednesday, May 8, 2024 20:59
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: JOB card format
EXTERNAL EMAIL
Thanks. I knew it would
rame Discussion List on behalf of
Phil Smith III
Sent: Wednesday, May 8, 2024 7:38 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: JOB card format
I just spent far longer Googling than I think I should have NOT finding
documentation on the format of a JOB card
ttps://api.protonmail.ch/pks/lookup?op=get=markjac...@protonmail.com
On Wednesday, May 8th, 2024 at 7:38 PM, Phil Smith III wrote:
> I just spent far longer Googling than I think I should have NOT finding
> docum
I just spent far longer Googling than I think I should have NOT finding
documentation on the format of a JOB card. Surely this exists.?
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to
Sent: Wednesday, May 8, 2024 2:30 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: EBCDIC/ASCII - FTP
On Wed, 8 May 2024 12:05:26 -0400, Phil Smith III wrote:
>"I have seen this before"--what is "this"?
>
I believe he's referring to my citation of the classic rant:
&l
Thanks. That wasn't obvious to me because I did not get from that Bemer page
that IBM had erred in not making the 360 ASCII only--just that had the software
actually supported ASCII, things would have been different. Better? Maybe; it's
certainly been that case that a ton of resources have been
"I have seen this before"--what is "this"?
I'm curious about your assertion that ASCII/EBCDIC cannot translate cleanly.
With the right EBCDIC code page, we do this every day. The basic etoa() and
atoe() work fine, have not caused problems--and we care a lot about specific
characters, as we
See code produced by different compilers. (Search for "s390x" in the "choose
compiler" box to find the Z compilers)
https://godbolt.org/
What strange hobbies some people have! (I'm including myself there)
--
For IBM-MAIN
BM wrote, in part:
>On zOS, its EBCDIC file, is there any solution first convert to ASCII then
>Terse send?
Google is your friend:
"z/os" "convert to ascii"
immediately found lots of discussion, including
https://bit.listserv.ibm-main.narkive.com/kIFvk8fr/data-conversion-ebcdic-to-ascii
which
allman
MVS/Quickref Support Group
On Sat, Apr 27, 2024 at 7:09 AM Colin Paice <
059d4daca697-dmarc-requ...@listserv.ua.edu> wrote:
> See gsk_strerror()
> <https://www.ibm.com/docs/en/zos/2.4.0?topic=reference-gsk-strerror>
>
> On Fri, 26 Apr 2024 at 23:16, Phil S
Radoslaw Skorupka wrote:
>"vel" is not Polish. We don't have letter "v". It is latin, so I
>supposed it is wide known.
>And yes, it is "aka".
>BTW: WTF is aka??? :-)
Interesting. I believe ya (not gonna argue with someone about their native
language!) but the usage seems to be Polish, per:
Thanks to all; BPXMTEXT is what I was looking for, though it didn't help in
this case.
-Original Message-
From: Phil Smith III
Sent: Friday, April 26, 2024 6:16 PM
To: 'IBM Mainframe Discussion List' ;
'mvs...@vm.marist.edu'
Subject: Hex error code interpreter?
Did I dream
Did I dream it, or is there some utility that can take an error such as
gsk_encrypt_tls13_record(): AES GCM Encryption failed: Error 0x03353084
and interpret the 0x03353084? I swear I remember seeing this but can't find it
now. Getting old sucks*.
*But consider the alternatives.
For those who are curious like me, "vel" is Polish for "AKA". That was my
guess, confirmed via Tha Goog.
Not throwing shade at Radoslaw, whose English is better than that of a lot of
folks on the list who are native speakers!
-Original Message-
From: IBM Mainframe Discussion List On
Also lots of stuff went to UNICOM, like the Optim products (and more).
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
More: One of the folks who was having problems writes:
>I gave up on using my pacbell.net email...I switched my Assembler list
>and IBM MAIN list to my .gmail email address and all is well.
I looked, and pacbell.net has no SPF record. Remember, mine started flowing
once I had enabled SPF,
Gil asked:
> How do regular expessions play with R-to-L text?
https://stackoverflow.com/questions/50570322/regex-pattern-matching-in-right-to-left-languages
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send
I'm'a try to post this from my lists@ address, because I suspect it will work.
Longish but (if you're reading it at all) it suggests some progress on the list
email issue.
To recap, as of a couple of weeks ago:
- I was suddenly not able to post from lists@
- I was still getting the daily digest
Charles wrote:
>When I was doing security presentations as part of my job one of the
>"controversies" I ran into was that the supposed percentage of insider
>attacks is all over the place. I used to see 85% in one set of
>statistics and nearly zero in others. I have no independent knowledge.
My
Tony Harminc wrote:
>Yes, storage administrators are a small population, but their
>credentials can be compromised as much as anyone else's, and then
>you're not dealing with rogue storage admins but with criminal (or
>goverment or whatever) actors. And storage admins (or their
>credentials) may
Well that's a good point, Charles. A relatively minor risk, compared to
external attackers, but I suppose they could come in via the sandbox/test
system, too.
Definitely a "Swiss cheese attack"!
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Charles Mills
Sent:
Digest showing up is of course a positive step, but not the answer. I've always
gotten the digests on my lists@akphs address, just (starting recently) couldn't
post. Now you seem to be able to do both, but can't get a QUERY IBM-MAIN
response.
-Original Message-
From: IBM Mainframe
Farrell
Sent: Saturday, April 6, 2024 9:41 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Posting issues?
On Fri, 5 Apr 2024 15:36:21 -0400, Phil Smith III wrote:
>Yeah, I have SPF records.
But, increasingly, it seems to be necessary to have DMARC and DKIM properly
setup, too. I don't k
es. DNSSEC is a pain in all cases and impractical for most.) But I
don't know if Yahoo! is flagging things based on DNSSEC or lack of.
Anyone else having troubles, let's circle-up off-list and see what we can
figure out.
-- R; <><
On 4/5/24 14:34, Phil Smith III wrote:
> Star
Starting about a week ago, I noticed that posts sent from my lists@akphs
address weren't showing up in the archives. Email to
mailto:lists...@listserv.ua.edu with QUERY IBM-MAIN got no response; same from
my work address got the expected "not subscribed" message. Yet my daily digest
to that
13:32:46 -0400, Phil Smith IIIwrote:
>...
>I don't have a solid answer other than that file tagging seems to matter, so
>chtag is your friend.
> .
Does the FTP server have such as a SITE CHTAG command?
Will FTP automatically tag a file to the value in SBDATAC
Radoslaw asked about default translate tables for FTP. My earlier thread titled
"FTP problem", here and MVS-OE, seems related.
I don't have a solid answer other than that file tagging seems to matter, so
chtag is your friend.
Or I've misunderstood the question, of course.
Colin Paice wrote:
>It may be interaction with _BPXK_AUTOCVT environment variable, and
>possibly the FILETAG
Hmm. _BPXK_AUTOCVT is ON; setting it to OFF means that a text file tagged as
ISO8859-1 now displays as garbage, which makes sense. IBM-1047 and untagged
files display OK. (It also breaks
stery is what's making a random file created via echo (or
various other things) be ISO8859-1 instead of native EBCDIC?!
From: Phil Smith III
Sent: Monday, October 30, 2023 6:13 PM
To: 'ibm-m...@bama.ua.edu'
Subject: RE: FTP problem
Off-list reply pointed out that I meant "z/O
For me, this prompts discussion over "Is using SIGNAL worse than not
modularizing the initialization?":
/**/
stuff
signal DoInit
DoneInit:
.
DoInit:
numeric digits 40
.
signal DoneInit
---
Discuss :)
--
For IBM-MAIN
There seems to be confusion about what Base64 (jeez, I keep typing "54" or
"65"!) encoding is. It's just what it sounds like: an
encoding of characters using a 64-character* alphabet, i.e., six bits at a
time. Hex '01020304' Base64-encodes to the same set of
8-bit characters whether ASCII or
Yes, the Serena stuff is part of the divestiture to Rocket.
Request: more extensive Subject: lines than "Question". Makes the list much
more useful.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email
Quite possibly a stupid/useless suggestion, but: what about SIDEFILE entries?
It's been 15 years since I remember looking at those. We had a ton of long
entry point names in ported code, and used SIDEFILE for a while.
We later got around needing SIDEFILE in a super-hackish way: we create a
Michael Schmitt wrote, in part:
>Microsoft Exchange has started quarantining too many messages from
>this listserv as "phishing". It is several per day; one day there was 16.
My understanding of DMARC is incomplete, but here are some observations.
First, one of your examples had a
Shmuel wrote:
>I was thinking of zCX as hosting containers
>The process for deploying virtual machines in z/VM is different
>although it also eliminates manual setup that used to be necessary.
>i was trying to illustrated that the automation of deployment was not
>limited to the cloud.
Ah!
Shmuel asked:
>How do containers in the cloud differ from containers on the
>mainframe? How difficult is it to provision a new z/VM virtual machine
>with contemporary software? ow much is just different coverage in the
>in-flight magazines versus substantive benefits of the cloud?
Just checking:
Dave Beagle wrote:
>Large amounts of data, including AI, will require processing power
>(and security) unlike anything DP has seen. Perfect for the mainframe.
>And, there ARE new mainframe shops.
"processing power"-the mainframe lost that battle long ago.
"security"-there's nothing inherently
Bob Bridges wrote:
>"...where mainframes' resilience meets the agility of cloud computing."
>What is the "agility" of the cloud, exactly?
The ability to spin up more instances [of applications that are built that way,
obviously] on demand/automatically. For certain very peaky workloads this is
roscoe5 asked:
>how do you see the future for mainframes?
>Increasing, steady, declining, .
[Editorializing ahead!]
As usual, "It depends". There are fewer mainframe shops than there were, but
more usage.
A simple example: consider payment processors, many (not all) of whom have at
Thanks. I got BPXMTEXT working, added to SYSPROC. But first I invoked it the
hard way, via:
TSO EXEC 'SYS1.SBPXEXEC(BPXMTEXT)' '7663730C'
I was confused: never having seen the output, and not knowing what caused
7663730C, the output:
TCPIP
JRNetAccessDenied: The user is not permitted to
Colin Paice wrote:
>tso command bpxmtext 7663730c
I get:
COMMAND BPXMTEXT NOT FOUND
?
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Peter wrote:
>Still I am trying to understand encryption and decryption load goes to
>general CP Incase if you don't have CPACF or ICSF ?
Even with CPACF and ICSF, some/most of the encryption load is on the CPU. They
aren't magic. CPACF is faster, but it's still fundamentally executing Z
Peter wrote:
>After implementing ATTLS there is some delay in our CICS transaction but I
>was suspecting if sn absence of crypto processor can overload the general
>processor to cause this delay ?
Define "some delay". Adding AT-TLS means that a TLS handshake is being added to
the communication.
Peter wrote:
>I have a general question here. When you don't have crypto processor, So
>when a ATTLS traffic is enabled does the encryption and decryption handled
>by Started task TCPIP or the general processor?
The TCPIP started task is just code and runs on the general processor, so your
Itschak Mugzach wrote:
>The STIG does not allow a uss keystore.
Ummmkay? I see no mention of a STIG here. But as I said, I'm even SWAGging what
he really wants/needs.
--
For IBM-MAIN subscribe / signoff / archive access
Radoslaw Skorupka wrote, in part:
>"security by obscurity" means just the key under the mat.
I'd agree that it perhaps SHOULD mean that, but that isn't how people use the
term. And even then, I'd submit that that's just another trivial case of "if
you have enough": you have to know/think to
If you mean certificates for TLS, the USS gskkyman utility is great for
testing/verification. Nothing wrong with it for production, but most sites in
my experience are happier with the certs in SAF (RACF/ACF2/TSS) for production.
The beauty of gskkyman is that it's isolated AND discrete. With
Paul Gilmartin wrote:
>I believe otherwise. I know of a case where a vendor allowed a product
>to escape to the field containing a tester's back door, and another
>related to II14489. Either could be exploited with no brute force,
>merely knowledge of the existence and nature of the defect. In the
Leonard D Woren wrote, in part:
>Software can be hacked.
Um. And? What's your point? Anything can be hacked:
https://xkcd.com/538/
The phrase "security by obscurity" has bothered me for years. It's *ALL*
security by obscurity. If you have enough "stuff"-time, money, guns
(wrenches)-you can get
Steve Estle wrote, in part:
>but we'd like to encrypt as much as possible in our environment
Why? What problem are you trying to solve? Remember that DSE provides
protection against exactly two attacks:
1) Someone getting at the wire between the array and the CEC
2) Rogue storage admin
Interesting discussion. Some thoughts.
First, it's not "Pervasive Encryption" you're talking about. It's IBM z/OS data
set encryption (DSE). PE is the IBM encryption strategy. When data set
encryption came along, IBM kept calling it PE, but it's just part of PE (the
rest of which hasn't
Paul Gilmartin wrote:
>STOW 'Abc Xyz!'probably works.
>STOW 8X'FF' probably doesn't or produces unexpected results.
Ah.this is in reference to the original question, sorta, not to my "Why?"
question. Thanks.
--
Radoslaw Skorupka wrote:
>The "8 characters rule" is widely used in z/OS and mainframe world.
>Why?
Presumably because a doubleword is a nice, discrete size of data-big enough to
be useful, small enough to manipulate with things like two (now one) register?
And Steve Beaver added:
>The simplest
Paul Gilmartin wrote, in part, in answer to "Why can't a data set name element
start with a digit":
>Left-to-right lexical analyzer that treats anything beginning with a digit
>as a number.
I'm willing to believe this, but am unclear on why whatever is parsing a DSN
would care whether it's a
Has anyone ever understood why data set/member names cannot start with
numerics? Just curious, as it seems like an odd restriction.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to
Am I the only one who keeps reading this thread subject as "TIPPING for z/OS"
and thinks, ", this tipping thing is REALLY getting out of hand!!!" ?
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email
Dean Kent wrote:
>In that case, I think that California law would not apply. I have the
>impression (perhaps mistaken) that the labor laws apply to residents,
>not remote workers.
This is correct. I know this because when HP bought Voltage Security, we were
no longer able to roll over
Now that we've gotten to clarify on the Basic Constraints thing (TL;DR: the
RFCs require it; System SSL does not, prior to TLSv1.3; for LE at least, an
ENVAR can override it), I have a follow-on question:
Can I set an environment variable outside of LE and have it apply to the LE
enclave?
Kurt Quackenbush wrote, re:
>> NAME ABCDITSK ABCPROC#C C_CODE
>I believe SMP/E supports a maximum of 8 characters for the LMOD,
>CSECT, and CLASS names specified on the IMASPZAP NAME statement. CSECT
>name ABCPROC#C is 9 characters.
Right, but that's the generated name-the module is
Binyamin wrote:
>Unless you are sending this via teletype or FAX, I question why you
>would provide a zap rather than a module replacement.
Well, we've been discussing that already. But we'd like to understand it at
least.
Meanwhile, Tom Marchant's suggestion sounded helpful, except it's C
Oh. It does say:
"If TLS V1.3 is negotiated for a secure connection, certificate validation is
done according to RFC 5280 unless explicitly specified."
but also still says "The default value is ANY."
That seems a tad bit unclear, should be more like:
" The default value is ANY, unless TLS V1.3
>From a coworker, who tried to post but it seems to have vanished-not even a
>bounce?! If it just got stuck somewhere, this might be a duplicate, sorry.
I am having problems trying to convert a normal ZOS AMASPZAP to a SMPE ++ZAP.
When I run the zap through a standalone AMASPZAP
Chris Meyer wrote:
>I checked with the System SSL folks on this.
>It sounds like what you're observing is a difference in default System
>SSL certificate validation mode settings Between TLSv1.2 and TLSv1.3.
>See the description of the System SSL GSK_CERT_VALIDATION_MODE
>parameter in this
Charles wrote:
>The critical bit is there to provide upward compatibility for
>certificates, which are a standard that is implemented in everything
>from z/OS to Nest Thermostats to Balckberrys that have not been
>updated in ten years.
>The critical bit says "this extension really matters. If you
Charles Mills wrote, in part:
>Confirming:
>The complaint was at the client end. The client is z/OS. The complaint
>was that the CA root had a Basic Constraints extension that was not
>marked as critical?
Yes. And that it only seems to matter to gsk when the client says "I can do
TLSv1.3".
Peter Sylvester wrote, in part:
>There is a difference between what you must set and what you must
>verify. 5280/3280 is clear (IMO) about that.
>when you verify a cert, AND you know about the extension, you just
>verify the extension and don't care about the critical bit
>Since the error
(Cross-posted to IBM-MAIN and IBMTCP-L)
Our z/OS product acts as a client to our non-z/OS server. As such, it makes TLS
connections to fetch Policy and keys.
As I've written previously, we had a problem when we added TLSv1.3 support to
the z/OS product, getting errors:
ERROR
All the big-brain mathematicians/cryptographers I know are extremely skeptical
about quantum computing ever becoming a reality. The problems of stability are
also exponential, and so getting from a few dozen/hundred qbits to something
big enough to be reasonable may be essentially impossible.
Ed Jaffe recommended against creating a SAF class. I'll respectfully suggest
that it's not that hard.
First, if you do, IBM told us, "Start the class name with a dollar sign-we'll
never use those". Of course you could collide with
another vendor, but that's unlikely.
We've had customers doing
Shmuel wrote:
>Whoops! Somehow I missed the last sentence of the paragraph.
Ah hah! Hence the confusion. Glad we straightened that out.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to
Stuart Holland wrote, in part:
>Also, the cards only had the punches - no text across the top.
That was called "interpreting" cards, IIRC. I forget whether there was a
machine to do this (not that a site with no more punches or readers would have
had one!), but I bet others here will remember.
1 - 100 of 1079 matches
Mail list logo