PGP is used to encrypt data files

PGP is good encryption but it is not in use very much on IBM mainframes because 
the encryption cannot be offloaded to crypto hardware, like RSA/DSA (using 
Crypto Express cards) and AES/DES using CPACF.

And some people consider it a waste of good CPU time to encrypt both the data 
and the connection.

Steve Finch

Have to present another view.  We run IBM Encryption Facility software for the 
encryption/decryption of data; we chose not to use encrypting cartridge drives 
for doing backups (another story).  IBM EF does support OpenPGP quite well and 
we do use it for outsiders who do not have IBM EF, although I can give them a 
FREE JAVA client to run on their z/OS platforms or distributed machines.

IBM EF or OpenPGP does indeed encrypt the data but not the session.  We believe 
the most important part of a transfer is the credentials which flow.  Once these 
are compromised, then it is really bad.  Therefore we mandate the session is 
also encrypted with TLS/SSL.  Many of our partners do not want to encrypt the data 
at rest and insist that transmitting the data in the clear inside of a secure tunnel 
is sufficient.  But if that tunnel is a Site-to-Site VPN, once it comes out of 
the tunnel, then it is in the clear.

The beauty of running this all on z is that the end point is the memory of the 
transfer software here on z.  The world has a tendency to put Windows and UNIX 
servers in some DMZ.  When the data lands in the clear, it is exposed.  Of 
course they counter it is not there for long.

In the end, we have all the crypto coprocessors and accelerators properly 
configured and used on our z9BCs.  I do not find the performance impact 
bothersome or even of a concern.

jim marshall   
