On Tuesday, 09/05/2006 at 04:04 CST, "Jeffrey D. Smith" <[EMAIL PROTECTED]> wrote: > > Something to think about: CPACF does not do "secure key" operations. You > > will still want to use ICSF in order to keep the clear-text keys out of > > your application address space and to avoid Yet Another Key Managment > > Problem. > > > > Alan Altmark > > So, why did IBM update ICSF to support clear keys in the CKDS and > its address space? Because IBM is marketing its own CPACF solution > that requires clear keys. As long as the clear keys are kept in > protected storage, it's not a big issue with most sites.
Jeffrey, I'm not sure of your point. I was saying that before John McKown starting including KM and KMC instructions in his program he should consider the affects of having the keys in cleartext in the application address space. If that's ok, with all that implies, fine. If that's not ok, then he should get ICSF functioning again and call the CPACF-based encryption routines. TDES and AES are available. The ICSF book has a section on how to use CPACF with ICSF. He can, of course, look at alternative solutions to ICSF if he's not interested in ICSF. Alan Altmark z/VM Development IBM Endicott ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
