There are many ways to skin a cat.
You can rely on industry standards like certificates and CA's.
You can also use your own methods.
You can use both. Yes, double security.
What I could do:
1. Establish some secure file transfer. It can be FTPS, sftp, commercial
MFT applications like Sterling Co
On 7/22/21 6:21 PM, Charles Mills wrote:
Agreed. By "roll your own" I was referring to
1) Create an asymmetric public + private key pair on the destination
system.
2) Transfer the destination system's public key to the source system.
3) Create a symmetric key on the source system.
Etc.
I
On 7/22/21 6:17 PM, Mike Schwab wrote:
Since a lot of chips a manufactured in China, a device could be
sending ... your data,
Theoretically yes. I'm not going to speculate on the probability that
such is happening. Though Hanlon's Razor comes to mind.
But for it to be sending your data it
On 7/22/21 6:09 PM, Charles Mills wrote:
Guys, this is the problem with inventing your own solution.
You didn't elucidate what the (or a) problem is.
Public keys are, well, public.
Yes, that's the very nature of a /public/ key.
The new fashion in fact is to NOT trust internal networks. You
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Grant Taylor
Sent: Thursday, July 22, 2021 4:58 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: How should I send file to another sysplex securely.
On 7/22/21 2:58 PM, Charles Mills wrote:
>
f New Era, but we don't have a
> date yet. A good month or so out.)
>
> Charles
>
>
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Grant Taylor
> Sent: Thursday, July 22, 2021 4:48 PM
> To: IBM-M
New Era, but we don't have a
date yet. A good month or so out.)
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Grant Taylor
Sent: Thursday, July 22, 2021 4:48 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: How should
On 7/22/21 5:42 PM, Lennie Dymoke-Bradshaw wrote:
There is a document by Philippe Richard of IBM France which documents
this problem and demonstrates how to resolve it using a set of REXX
routines written by Eysha Powers.
It is entitled "Transporting AES encrypted data keys from one z/OS host
On 7/22/21 2:58 PM, Charles Mills wrote:
I would say in no event does the OP want to "roll his own" or "cobble
something together out of bits and pieces."
I think we have different ideas of what "roll your own" means.
Personally, I don't believe that running some standard commands (at
least f
On 7/22/21 3:17 PM, Paul Gilmartin wrote:
It lacks authentication and does not prevent MITM attacks:
I think we might be talking about two slightly, but distinctly,
different scenarios.
I took the OP's statement to be talking about needing to move data from
one LPAR / CEC on the left side o
ERV.UA.EDU
Subject: How should I send file to another sysplex securely.
I was wondering the best way customers send sensitive data between z/OS images.
I was thinking about exporting one's private certificates.
1. I can create a dataset of the private certificates on system 1 and
have it
should I send file to another sysplex securely.
On Thu, 22 Jul 2021 14:05:31 -0600, Grant Taylor wrote:
>On 7/22/21 12:49 PM, Mike Hochee wrote:
>>...
>There is also a hybrid approach in which a symmetric key is used to
>encrypt / decrypt the data and asymmetric keys to protec
On Thu, 22 Jul 2021 14:05:31 -0600, Grant Taylor wrote:
>On 7/22/21 12:49 PM, Mike Hochee wrote:
>>...
>There is also a hybrid approach in which a symmetric key is used to
>encrypt / decrypt the data and asymmetric keys to protect the first key.
> -- My understanding is that symmetric encryp
#x27;t want to roll
your own on this. Wy too many traps for the unwary.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Grant Taylor
Sent: Thursday, July 22, 2021 1:06 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: How
On 7/22/21 12:49 PM, Mike Hochee wrote:
With private key (aka symmetric ) the same key is used to encrypt and
decrypt, and the key must be securely shared among business partners
(a vulnerability). Pervasive or z/OS data set encryption uses private
key encryption.
With public key model (aka
Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Colin Paice
Sent: Thursday, July 22, 2021 10:08 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: How should I send file to another sysplex securely.
Caution! This message was sent from outside your organization
On Thu, 22 Jul 2021 14:19:41 +, Horne, Jim wrote:
>Why wouldn't you just write a batch job to invoke SFTP? It is z/OS to z/OS
>and can handle almost all files, as far as I know
>
Like most of the suggestions so far, this begs the question of transferring the
key.
For "almost all files" yo
Why wouldn't you just write a batch job to invoke SFTP? It is z/OS to z/OS and
can handle almost all files, as far as I know
Jim Horne
-Original Message-
How about using sftp - of course you would need to copy the file to an omvs
file to do it, or get the Dovetail enhanced sftp which s
encrypt and send over NJE using xmit?
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon *
On Thu, Jul 22, 2021 at 5:08 PM Colin Paice wrote:
> I was wondering the best way customers send sensitive data be
than your reputation. Character is what you
are, reputation merely what others think you are.” - - - John Wooden
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Colin Paice
Sent: Thursday, July 22, 2021 9:08 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: How should I send file t
I was wondering the best way customers send sensitive data between z/OS
images.
I was thinking about exporting one's private certificates.
1. I can create a dataset of the private certificates on system 1 and
have it encrypted. I can send it to the other system. How can I decrypt
it o
21 matches
Mail list logo