Steve Estle wrote, in part: >but we'd like to encrypt as much as possible in our environment
Why? What problem are you trying to solve? Remember that DSE provides protection against exactly two attacks: 1) Someone getting at the wire between the array and the CEC 2) Rogue storage admin Those are the risks for which it was designed and implemented, and it does a fine job of those. Otherwise, it's no different from RACF/ACF2/TSS protecting stuff in the first place. (I'm assuming you have encrypting DASD already.) If the rational is "Encryption is good because encryption", that's dangerous, because you're not really protecting very much. I realize that this may be management's delusion, but it's not good. There's way too much of that out there-"We protected something, yay, now we're safe(r)". Not necessarily. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
