>> Hi Todd, >> Are you saying that the Redbook SG24-7848-00 System z Crypto andTKE Update >> is just plain wrong ?
> Actually, I cannot figure out what that text from the RedBook is trying to > say :-) OK, I looked at the RedBook and I see what it's talking about now. It's sort of a "halfway" way of using Protected Mode CPACF. You turn your clear keys into protected keys, but the protected key you get is only valid until the next time things are restarted, because at that point CPACF generates a new wrapping key and the protected keys you got from it earlier become invalid. This is in contrast with the "full" protected mode which uses a CEX card, and where your keys are stored in CEX key tokens that are still good after restarts. Both are good, valid approaches, but obviously the "full" approach is appropriate for some things where the other mode would not work. Todd Arnold ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
