Appendix B. Tools for application security

This appendix discusses ways to secure application traffic. You will find that each of these protocols is used by many applications. For instance, SSL is used by TN3270, FTP, Policy Agent, LDAP, and so on. Each protocol is explained in as much detail as needed to understand the function, and references are given for more advanced study.

SSL and TLS use public key cryptography to establish a secret key, which is then used for secret key (or symmetric) cryptography. These protocols require digital certificates for the server, and optionally for the client. For information about the SSL and TLS protocols, see "Secure Sockets Layer (SSL)" on page 284. For a brief overview of the differences between SSL and TLS, see "TLS protocol" on page 289.

The Kerberos system is a secret key system that uses symmetric keys, one at the client and another at what is known as a Key Distribution Center (KDC). z/OS applications that can make use of Kerberos include FTP (server and client), UNIX Telnet, and UNIX rsh. See "Kerberos-based security system" on page 290.

© Copyright IBM Corp. 2006. All rights reserved.