IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

ADD A NEW IDEA

ICSF

Showing 35

Intrusion Latch Detection on z/OS

When a crypto express card encounters an intrusion latch detection error, this error may not be externalized to z/OS.
over 2 years ago in z/OS / ICSF 2 Future consideration

Option to ignore CRL expiry date in TR34 ICSF services

TR34 RKL ICSF services CSNDT34B and CSNDT34D uses CRL from CA for generating the TOKEN. One of the CA is sending a CRL valid for only one day, but confirmed that the EPP does not validate the CRL End date. Is it possible to provide an option to ig...
over 2 years ago in z/OS / ICSF 1 Future consideration

Add option to accept BASE94 ct_krd token in TR34 CSNDT34B BIND service

As per AANDC protocol the KRD is sending BASE94 format ct_krd token to Remote Key Loading application. The CSNDT34B BIND service accepts only DER format. Hence the RKL application has to perform a conversion and there is a possibility that it coul...
almost 3 years ago in z/OS / ICSF 3 Future consideration

Verify/Compare ISO-4 Encrypted pin blocks

Currently to validate an ISO-0 Encrypted pin block we compare the cipher text of 2 pin blocks. We would like to do the same but ISO-4 pin blocks have a random component to it so that cipher text can never be the same. We would like an API that tak...
over 3 years ago in z/OS / ICSF 1 Future consideration

Availability of Cryptographic Services

When ICSF is started it will check the Master Key Verification Patterns(MKVP) in the header records of the CKDS and PKDS. When an MKVP is found then a check is made to see if that Master Key is found in the coprocessors. If it is found and it matc...
over 3 years ago in z/OS / ICSF 1 Future consideration

Support for 4096-bit Diffie-Hellman Key Size

The maximum size for a Diffie-Hellman key exchange supported is currently 2048 bits. There are many applications using bigger key sizes and z/OS would not be able to communicate with them. This enhancement would allow 4096-bit and higher key sizes...
over 3 years ago in z/OS / ICSF 1 Future consideration

ICSF Keylabel Alias Support

In order to remove the need to change hard-coded ICSF key label names within applications and the RACF database, we would like to have the ability to assign one-or-more aliases to a keylabel in the CKDS/PKDS. For example, we might have the followi...
almost 4 years ago in z/OS / ICSF 2 Future consideration

ICSF Keylabel Groups

We would like to have the ability to organise/display ICSF keylabels in the CKDS/PKDS via an installation-defined free-form text grouping name (e.g. Credit Card)
almost 4 years ago in z/OS / ICSF 3 Not under consideration

ICSF should allocate its DD cards after JES is up when started SUB=MSTR

Please enhance ICSF so that when we start it up SUB=MSTR it will eventually allocate it's DD card post JES starting up. The RACF address space exhibits this behavior today so it stands to reason it should be possible with ICSF.
about 4 years ago in z/OS / ICSF 1 Future consideration

List available SSL/TLS Ciphers with info about use of Crypto Cards

In CICS communication (SSL/TLS) with ATM a Cipher is selected/negotiated. Please make a list of all ciphers with informations about which can run in the CryptoCard e.g. CEX6C (HW) to offload the usage of CPU, and which can only run using the norma...
about 4 years ago in z/OS / ICSF 0 Future consideration

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.