Re: ICSF with CPACF (was RE: Encrypting tape drives... anyone considering field encryption?)

controls to ICSF ciphering is useless. A program can directly use CPACF instead of ICSF. Even if CPACF would be unavailable, I don't think, that any function should be restricted. We don't restrict READ, but we control a dataset which can be read. Everyone can add, multiply, divide, etc. so why

Re: ICSF with CPACF (was RE: Encrypting tape drives... anyone considering field encryption?)

-Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of R.S. Sent: Sunday, September 10, 2006 11:35 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: ICSF with CPACF (was RE: Encrypting tape drives... anyone considering field encryption?) Jeffrey D

Re: ICSF with CPACF (was RE: Encrypting tape drives... anyone considering field encryption?)

for clear DES key and CLRAES for clear AES key. These are the only key forms usable by the CPACF interface in ICSF, and they are not encrypted anywhere, either in storage or on the CKDS. How about key IMPORT ? Could I keep the key in encrypted form and import it from CKDS ? Second thought: CKDS

Re: ICSF with CPACF (was RE: Encrypting tape drives... anyone considering field encryption?)

-Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of R.S. Sent: Thursday, September 07, 2006 1:22 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: ICSF with CPACF (was RE: Encrypting tape drives... anyone considering field encryption?) Jeffrey D

Re: ICSF with CPACF

. With CPACF, there is no need to use ICSF. Thus, applying security controls to ICSF ciphering is useless. A program can directly use CPACF instead of ICSF. I disagree on two points: 1. ICSF is surrounded by Process and Privilege (PP) to get keys into, out of, share, etc.. If an application manages its

Re: ICSF with CPACF

-Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Alan Altmark Sent: Thursday, September 07, 2006 10:07 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: ICSF with CPACF On Thursday, 09/07/2006 at 08:12 CST, Jeffrey D. Smith [EMAIL PROTECTED

ICSF with CPACF (was RE: Encrypting tape drives... anyone considering field encryption?)

in the application address space. If that's ok, with all that implies, fine. If that's not ok, then he should get ICSF functioning again and call the CPACF-based encryption routines. TDES and AES are available. The ICSF book has a section on how to use CPACF with ICSF. He can, of course, look

Re: ICSF with CPACF (was RE: Encrypting tape drives... anyone considering field encryption?)

in cleartext in the application address space. If that's ok, with all that implies, fine. If that's not ok, then he should get ICSF functioning again and call the CPACF-based encryption routines. TDES and AES are available. The ICSF book has a section on how to use CPACF with ICSF. He can, of course

Re: ICSF with CPACF (was RE: Encrypting tape drives... anyone considering field encryption?)

-Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of R.S. Sent: Wednesday, September 06, 2006 9:04 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: ICSF with CPACF (was RE: Encrypting tape drives... anyone considering field encryption?) Jeffrey D