On Thursday, 02/20/2003 at 11:44 CET, MCCARTIER <[EMAIL PROTECTED]> wrote: > Thanks for information, but I knew about this REDBOOK. > > What I am looking for ?, It is real implementation of PCICC on a 9672 > for zLinux server, because PCICA is not available for 9672. > > Did anyone try before ?
PCICC uses master keys and requires a master key maintenence infrastructure (ICSF). So, in addition to a Linux driver to use PCICC, you'd have to add additional capability to manage the master keys. As near as I can tell, Linux crypto functions assume a "clear key" environment, such as is provided by PCICA, so there would be a lot of extra code to write. Additionally, the PCICC was designed to handle the encryption requirements of a relatively small group of long-running programs. It was not designed for the continual context switches inherent in typical SSL usage, with each transaction using a different encryption key. I think you would be disappointed if you tried to use PCICC for SSL on Linux. As a practical matter, the PCICC architecture is not, to my knowledge, published and is sufficiently different from PCICA that the z90crypt driver will not help figure it out. Alan Altmark Sr. Software Engineer IBM z/VM Development
