Cryptographic session initiation
z/OS Communications Server: SNA Network Implementation Guide SC27-3672-01
The following applies only to the session key enciphered under a cross key as it is used during session initiation. VTAM® supports both end-to-end and host-by-host encryption. The method used depends on the types of nodes in the configuration and the coding of the cryptographic key data sets (CKDS).
The installation determines which method VTAM will use by placing cross keys in the appropriate cryptographic facility data sets and by the capability of the nodes involved.
During session initiation, VTAM interrogates the encryption facility to determine whether a cross key has been defined for a particular name. The following information describes the order in which VTAM will choose a name by which to interrogate the cryptographic product:
When preparing to send a session initiation request into an APPN network or when sending a subarea CDINIT (request or response):
When sending cryptographic information about a CDCINIT into a subarea network, VTAM always follows the earlier host-by-host algorithm: encrypt the key in the cross domain key of the adjacent node. Also, if cryptographic processing was done on CDINIT, it will not be done again on CDCINIT. The first key found using the above search will be the key used. VTAM also includes the partner name in a control vector so the other VTAMs along the path either ignore the cryptographic fields when the name included is not theirs, or decipher the cross key. If VTAM deciphers the cross key, VTAM then acts upon the cross key by saving the key if this is the endpoint, or reenciphering the key, changing the name in the control vector, and then forwarding the session initiation.
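A simplified model of the forwarding behaviour described above, added here as an illustration and not IBM or VTAM code. The host names, the `sender` field, the XOR stand-in cipher and the destination-then-adjacent search order are assumptions of the model; the search order from the original guide is not reproduced.

```python
import hashlib

def toy_cipher(cross_key, data):
    # Stand-in for the cryptographic product (XOR with a SHA-256 pad); not a real cipher.
    pad = hashlib.sha256(cross_key).digest()
    return bytes(d ^ p for d, p in zip(data, pad))

class Host:
    def __init__(self, name, ckds):   # ckds: partner name -> cross key (constructed)
        self.name, self.ckds, self.saved_key = name, ckds, None

    def encipher(self, session_key, search_order):
        # The first name in the search order that has a cross key is used.
        for partner in search_order:
            if partner in self.ckds:
                return {"cv_name": partner, "sender": self.name,
                        "enc_key": toy_cipher(self.ckds[partner], session_key)}
        raise LookupError(f"{self.name}: no cross key for {search_order}")

    def receive(self, msg, search_order):
        if msg["cv_name"] != self.name:        # not our name: ignore the fields
            return "ignored", msg
        key = toy_cipher(self.ckds[msg["sender"]], msg["enc_key"])
        if not search_order:                   # endpoint: save the session key
            self.saved_key = key
            return "saved", msg
        return "re-enciphered", self.encipher(key, search_order)

def initiate(path, session_key):
    # Assumed search order: destination name first, then the adjacent node.
    dest = path[-1].name
    msg = path[0].encipher(session_key, [dest, path[1].name])
    trace = []
    for i, host in enumerate(path[1:], start=1):
        order = [] if host is path[-1] else [dest, path[i + 1].name]
        action, msg = host.receive(msg, order)
        trace.append((host.name, action, msg["cv_name"]))
    return trace

def run(end_to_end):
    ab, bc, ac = b"cross-AB", b"cross-BC", b"cross-AC"   # constructed cross keys
    a = Host("HOSTA", {"HOSTB": ab, **({"HOSTC": ac} if end_to_end else {})})
    b = Host("HOSTB", {"HOSTA": ab, "HOSTC": bc})
    c = Host("HOSTC", {"HOSTB": bc, **({"HOSTA": ac} if end_to_end else {})})
    return initiate([a, b, c], b"SESSKEY1"), c.saved_key

if __name__ == "__main__":
    for mode in (True, False):
        print("end-to-end" if mode else "host-by-host", run(mode))
```

With a HOSTA/HOSTC cross key present, the intermediate host passes the fields through untouched; without it, the intermediate host holds the clear session key while reenciphering, which is the practical difference between the two methods when deciding where cross keys are placed.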
Copyright IBM Corporation 1990, 2014