IBM Z Hardware and Operating Systems Ideas Portal
This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
My understanding is that this is delivered. Please contact to confirm.
Due to processing by IBM, this request was reassigned to have the following updated attributes:
Brand - Servers and Systems Software
Product family - z Systems Hardware
Product - z Systems Hardware
Component - Crypto HW
For recording keeping, the previous attributes were:
Brand - Servers and Systems Software
Product family - z Systems Hardware
Product - z Systems Hardware
Component - Security / Crypto
.Delivery soon. Contact us for details.
Thank you for your response. Option (1c) appears to meet our needs for the first use case. We are interested in a call to further discuss the issue. I am posting a separate, private comment with the additional details requested and contact information for the meeting.
Thank you for submitting the RFE. We have a few comments and questions. The reason CCA enforces certain strict controls on key typing and usage is due to standards requirements which indicate that the HSM must ensure that each cryptographic key is only used for a single cryptographic function or that the HSM does not permit any of the key-usage information to be changed in any way that allows the key to be used in ways that were not possible before the change. Therefore, CCA does not support things like creating a single key which can do both PIN encryption and PIN decryption. We could not support an open-ended import function which allows the assignment of any key type or control vector, but we could potentially support options that give you more control over acceptable import options. Please consider the following for your first use case and let us know your thoughts on these possible changes to CSNBT31I possibly controlled by rule array keywords. Would any of the options below meet your needs?
CSNBT31I:
Request CCA Key returned
(1a) P0-(A,B,C)-B --> OPINENC, no new keywords
(1b) P0-(A,B,C)-B --> IPINENC, no new keywords
(1c) P0-(A,B,C)-B --> OPINENC or IPINENC based on 2 new keywords
(1d) P0-(A,B,C)-B --> OPINENC +[CPINENC,EPINGEN,REFORMAT,TRANSLAT] or
IPINENC +[EPINVER,CPINGENA,REFORMAT,TRANSLAT],
==>based on 8 new keywords
When do you need this change? On which cards/releases/machines do you need the support?
When do you need support for your 2nd use case ?
Please do send any comments to the questions above as soon as possible.
We understand that you are in the early discussion stages with your partners, but we would like to have a call with you to further discuss your requirements. Would it be okay if we scheduled a call to discuss?