z/OS Communications Server: SNA Network Implementation Guide


Message authentication

SC27-3672-01

Message authentication is another form of security. Just as data encryption ensures data confidentiality, the message authentication data security feature:
  • Provides services to ensure the integrity of data for selected LU-LU sessions.
  • Provides end-to-end protection of data, which does not require support from intermediate nodes.

Message authentication allows VTAM® to determine if a message has been altered in transmission between the session partners. A code is attached to each message by the sender and verified by the session partner.

There are two methods for producing the message authentication code:
  • Data Encryption Standard (DES), which requires a cryptographic product to be active. Using this method, both cryptography and message authentication can be performed concurrently. Although the keyword is DES, if the session is set up to use triple-DES encryption, TDES24 is used. The term DES here does not mean that only DES encryption can be used.
  • Cyclic redundancy check (CRC), which creates a message authentication code using an internal VTAM algorithm. Using this method does not require a cryptography product to be active.

The APPL definition statement and MODEENT macroinstruction provide operands that you can use to define the message authentication support to be provided for a session. Code the following operands for each end of the session:

MAC
    Specifies whether authentication of data sent and received by the LU is required, conditional, or not supported.
MACLNTH
    Specifies the minimum length of the message authentication code attached to the message.
MACTYPE
    Specifies the type of message authentication checking (DES or CRC) to be used for the session.

See z/OS Communications Server: SNA Resource Definition Reference for information about how to code the preceding operands.





Copyright IBM Corporation 1990, 2014