Rob Schramm wrote: >Yep. >By using ICSF plus CEX, and using protected key.. you get more of the >performance characteristics of CPACF but retain the more secure nature of >secure key.
>Yes the exposure is less.. but it will always be suspect. Ultimately, the >protected key is dependent on the "source" key material being "secure" or >"not secure"... I don't see a category for "sort of secure" <VBG>. >And yet.. less exposure is always a better idea. >In the case of encrypting things like PINs .. I don't think securing under >protected key without the original key material resting in ICSF under CEX >MK is a good idea. (dang.. I think I fell into a "not logic" sentence) >From a security perspective, "sort of secure" isn't substantively different >from "insecure". I'd go further wrt Protected Key and say that if the key that >you wrap isn't secure, then it's not really "Protected Key". But I don't want >this to devolve into a semantics discussion. There are lots of things you CAN do, but many of them don't qualify as "secure"; this is one of them. ...phsiii ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN