Hal Merritt wrote:
>I am beginning to think that the silence of major players is meaningful.
>I can report one horror story: pay close attention to your key management
>process. The whole process to include entry, change, and propagation to a
>recovery site. That whole sand box looks to be very fragile by design. And,
>without keys, the data is unrecoverable.
>I'm really worried that there are a lot of worthless backups out there that
>won't be discovered until it is way too late.

Indeed. "Encryption is easy, key management is hard". That's why the Voltage solutions all use keynames (identities) defined *by the user* (they look like email addresses, and actually are for Voltage SecureMail, but need not be for Voltage SecureData). Keys are generated based on a Master Secret and that identity *on the fly*. Thus keys need not be backed up, and key servers replicated with the same Master Secret will generate the same key for the same identity. Our customers love this flexibility: no constant key server backups, easy failover and geographic replication, and applications can share keys by using the same identity, without having to pass keys themselves around.

...phsiii
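
The derivation described in the reply can be sketched as below, together with a check for the recovery-site concern in the quoted text. This is an added example, not part of the original message and not Voltage's algorithm: it assumes HKDF-SHA256 as the derivation function, and `KeyServer`, `key_for`, `check_value` and `mismatched_identities` are hypothetical names.

```python
import hashlib
import hmac

def hkdf_sha256(master_secret: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it with `info`."""
    prk = hmac.new(salt or b"\x00" * 32, master_secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

class KeyServer:
    """Hypothetical stateless key server: it stores only the master secret."""
    def __init__(self, master_secret: bytes):
        self._master = master_secret

    def key_for(self, identity: str) -> bytes:
        # Assumption of this sketch: identities are case-insensitive, like email addresses.
        info = b"data-key:" + identity.strip().lower().encode("utf-8")
        return hkdf_sha256(self._master, info)

    def check_value(self, identity: str) -> str:
        # Short keyed fingerprint of the derived key; it does not reveal the key itself.
        key = self.key_for(identity)
        return hmac.new(key, b"key-check", hashlib.sha256).hexdigest()[:16]

def mismatched_identities(primary: KeyServer, recovery: KeyServer, identities) -> list:
    """Identities whose derived keys differ between sites (empty list means in sync)."""
    return [i for i in identities
            if not hmac.compare_digest(primary.check_value(i), recovery.check_value(i))]

# Constructed sample values, not real secrets or real identities.
MASTER = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
IDENTITIES = ["backups@example.com", "payroll@example.com"]

if __name__ == "__main__":
    primary, good_dr = KeyServer(MASTER), KeyServer(MASTER)
    stale_dr = KeyServer(b"constructed stale secret left at the recovery site")
    print("in-sync site mismatches:", mismatched_identities(primary, good_dr, IDENTITIES))
    print("stale site mismatches  :", mismatched_identities(primary, stale_dr, IDENTITIES))
```

Comparing check values on a schedule surfaces a recovery site holding the wrong master secret before a restore is attempted; the master secret itself still has to be protected and propagated, since it is now the single item on which every derived key depends.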

