Hal Merritt wrote:
Bingo. Well said. It *is* a big deal. Very complicated. Lots of thoughtful planning. And potentially very expensive. And very dangerous.
It is far, far from something you just 'turn on'. Perhaps compare with
converting VSAM files into DB2 tables.
IMHO it's not very big deal. The devil is in details, but simple data (record level) encryption using ICSF is quite easy to establish and maintain. Otherwise all the cryptography is big deal (depends on what you call BIG deal, what is medium only, etc.). People use cryptography despite of the risk.
The biggest deal IMHO is
a) Seamless integration with existing backup techniques. Seamless or near-seamless or any.
b) Procedures. What data to encrypt, key distribution procedures, key change procedures (correlation with tape lifecycle mgmnt), etc.
c) Performance impact. Very big impact. Encrypting is very CPU (means time) consuming. IMHO the impact should cause all the idea unusable or usable for very selected data.
-- Radoslaw Skorupka Lodz, Poland
---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
