Mike,

Interesting idea, but the way Pervasive Encryption from IBM works is that the key is assigned via the External Security system (RACF, ACF2, Top Secret) or JCL parameter or SMS Data Class. Since a catalog could be defined to contain both PAYROLL and WAREHOUSE high-level-qualifiers in it, would you want them encrypted with the same key? The use of ESMs to control seems to be the primary way that IBM recommends (though coming from the storage side I like SMS Data Class) and a RACF rule for PAYROLL data sets is normally VERY unique and different from WAREHOUSE data sets. What I don't like is the lack of key management. I would hate to see a requirement that every year or two you MUST change all your RACF rules to point to a new key. And don't get me started on what to do with old archived data - that is a completely different topic.
...SNIP...

>How about a unique key for each catalog? I.E. Master and each user catalog.

--
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
