Explanation
This message is the first in a group of messages
that VTAM® issues in response
to a DISPLAY ID, DISPLAY LUGROUPS, or a DISPLAY MODELS command for
an application or a logical unit. This message indicates the level
of cryptography supported by the node in question. A complete description
of the message group follows.
IST228I ENCRYPTION = encryption_level , TYPE = min_type
IST1563I CKEYNAME = ckeyname CKEY = ckey_value CERTIFY = certify_value
IST1552I MAC = mac_level MACTYPE = mac_type
IST314I End
IST228I
- encryption_level describes the levels of cryptography
and can be one of the following:
- REQUIRED
- Indicates that VTAM must
encrypt all messages that this application program sends and decrypt
all messages that the application program receives.
- CONDITIONAL
- If the session partner supports cryptography, VTAM must encrypt all messages that this application
program sends and must decrypt all messages that the application program
receives.
If the session partner does not support cryptography, VTAM will set up a session without
encryption.
- SELECTIVE
- Indicates that this application program can choose which messages
are encrypted by VTAM.
- OPTIONAL
- Indicates that the application program has no special cryptographic
requirements; its cryptographic capability is the same as the host
processor’s capability.
- NONE
- Indicates that the application program has no special cryptographic
requirements; its cryptographic capability is the same as the host
processor’s capability.
- min_type describes the minimum type of cryptography
and can be one of the following:
- DES
- Indicates that VTAM must
use a minimum of DES encryption using an 8-byte key, if the session
uses encryption.
- TDES24
- Indicates that VTAM must
use a minimum of Triple-DES encryption using a 24-byte key, if the
session uses encryption.
See the z/OS Communications Server: SNA Network Implementation
Guide for information about cryptography.
IST1552I - mac_level describes the message authentication
code (MAC) levels and can be one of the following:
- REQUIRED
- Indicates that VTAM must
use message authentication codes for all messages this application
program sends and verify all messages the application program receives.
- CONDITIONAL
- Indicates that if the session partner supports message authentication
codes, VTAM must use message
authentication codes for all messages this application program sends
and must verify all messages the application program receives. If
the session partner does not support message authentication codes, VTAM will set up a session without
them.
- NONE
- Indicates that the application program will not use message authentication
codes.
- mac_type describes the method used to generate
the MAC and can be one of the following:
- CRC
- Indicates that VTAM will
use a cyclic redundancy checking (CRC) algorithm to perform message
authentication code functions.
- DES
- Indicates that VTAM will
use the data encryption standard (DES) to perform message authentication
code functions. If a session partner is using CRC, that method is
used during the session.
- TDES
- Indicates that for sessions utilizing Triple DES, Triple DES encryption
(not DES encryption) will be used even if the operand value is DES.
- NONE
- Indicates that VTAM does
not perform message authentication code functions. This value is displayed
only when MAC=NONE.
IST1563I - ckeyname indicates the cryptographic key name
of a key-encryption-key (KEK) in the cryptographic key data set (CKDS)
for the defined resource, and is used to encrypt session keys. It
is always the resource name for applications and cross-domain resources.
- ckey_value can be one of the following:
- PRIMARY
- Indicates that cryptographic session keys are generated using
the primary cryptographic key name (the name on the LU definition
statement, or the value of the CKEYNAME operand). CKEY is always set
to PRIMARY for applications and cross-domain resources.
- ALTERNATE
- Indicates that cryptographic session keys are generated using
the alternate cryptographic key name with the suffix .ALT.
- certify_value can be one of the following:
- YES
- Indicates that cryptographic sessions are authenticated at both
the SLU and the PLU, if the session uses encryption.
- NO
- Indicates that cryptographic sessions are authenticated only at
the SLU, if the session uses encryption.
System action
Operator response
System programmer response
Routing code
Descriptor code