Many people think that NAE "replaces" AC3, which is not true -- but they think that because the upgrade process will install NAE automatically in V5R4 if you had AC3 in V5R3.

However, the only part of AC3 that's in NAE is Kerberos support (for single sign-on type things). Everything else that was in AC3 is now built into the operating system.

Background: The reason IBM created AC1/AC2/AC3 was due to the various export regulations surrounding cryptography. Different countries had different rules about what level of cryptography could be sold/used, and sometimes it varied depending on whether the seller was within the same nation or not. Since special handling was therefore required, the AC1/AC2/AC3 products were created, and had to be ordered/installed separately.

But then the laws changed. Cryptography that was strong in the 1960s isn't considered military-strength today, anymore! As the laws loosened, IBM didn't need to do any special handling anymore. So by the time V5R4 was released, they were able to simply include all of their crypto in the OS itself. Nothing needs to be installed.

For Kerberos, NAE needs to be installed, but it's shipped with the OS.

For everything else, it's simply built into the base OS. No need to install anything at all.


On 9/13/2012 10:39 AM, rob@xxxxxxxxx wrote:
Just a little verification.

A Cryptographic Access Provider

Required if you plan to use SSL. You can choose one of these options:
5722-AC2 (56-bit), 5722-AC3 (128-bit). If you are using V5R4 or later,
5722-AC3 is part of the operating system and does not need to be installed

The Memo to Users for V5R4 had some interesting comments. Search on AC3

AC3 was replaced by NAE for parts of this.

Rob Berendt
