On Mon, Jan 15, 2024 at 02:41:45PM -0600, Walt Farrell wrote: > On Mon, 15 Jan 2024 16:15:38 +0000, Eric D Rossman <edros...@us.ibm.com> > wrote: > For encryption, the analogous method might be: Once a jobstep has > Opened an encrypted data set to read it, they cannot write to, nor Open, > an unencrypted output data set. You just mark the jobstep, and have a > bit in the DEB indicating encryption, and for a marked jobstep you don't > allow a write to a DEB that doesn't have the bit set.
So I could write the secret decrypted data out to an encrypted dataset which had a different encryption key -- one which I had easier access to? Security is hard, especially read security. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
