>This topic is getting bounced around here and on the RACF-L as well, yet
>responses are scarce and sporadic. We in the hinterlands are looking for
>experiences with any of the major encrypting products to help in selecting
>one, without being hounded by vendors. Our site has mentioned TKLM and it
>looks like a nightmare, plus it doesn't cover all our media. We have FDR, so
>FDRCRYPT is a possibility. We have CA products, OpenTech products, and
>MegaCryption looks interesting.
>Bottom line...many of us are soliciting opinions from those who have run
>that gauntlet already.

Would have responded sooner except was out at SHARE in Seattle. A very, very, very beneficial trip. It was great.

A consideration might be to ask if any product meets the US Gov't FIPS 140-2 requirement. There was a strategic decision made by the FDR folks not to pursue it back when. A few years ago I had a discussion with them about the need for it. What happened was they partnered with the MegaCryption folks to offer their product for encryption in the places where it was mandated.

IBM stresses the use of the TSxxxx encrypting cartridge drives for their offering. Sure, this is good, but encryption is needed for more than dumps. My contention is every file one sends out for Data Exchanges should be encrypted just in case there is PII (Personally Identifiable Information - used to be Privacy Data). OK, that means whoever gets your encrypted file needs to have your encryption product to decrypt it. IBM markets the software IBM Encryption Facility (EF), which has its own format but also supports OpenPGP along with GPG, as we learned. They also have a free Java Client to give out in case the exchange partner does not have OpenPGP or GPG. It is my understanding MegaCryption also has the same kind of offering. Thus even if you have them snazzy encrypting cartridge drives, it does not lessen the need for some file encryption software.

Just as some food for thought: say today you FTP a file from your z10 z/OS to a Windows platform. Hey, it arrives in ASCII ready to process. OK, encrypt your EBCDIC file and send it to them as a BINARY file; they decrypt the file and look at the data as hosed. In their world, so what is a Codepage????

Been doing it now for 4+ years and there are other subtle challenges and obstacles. It is not as simple as it looks, as my technical team found out the hard way. If anyone wants to carry on a dialog offline, contact me.

Setting up Data Exchanges where all are sent encrypted and received encrypted has many implications, like key management, platform types, codepages, data exchange hubs, etc.

jim
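
The code-page problem described in the message above, as an added example that is not part of the original post: once a file is encrypted and sent as binary, the text-mode FTP translation no longer happens, so the bytes that come out of decryption are exactly the EBCDIC bytes that went in. The sketch shows the two places the translation can be put back, plus a receiver-side check that refuses to treat EBCDIC-looking bytes as ASCII. The encryption step itself is left out because it returns the plaintext unchanged; code page 037, the function names and the sample record are assumptions.

```python
from typing import Optional

# Constructed sample record, encoded as it would sit on z/OS.
# Code page 037 is an assumption; use the code page your data really uses.
SAMPLE_TEXT = "ACCT 00123 SMITH, JOHN"
EBCDIC_RECORD = SAMPLE_TEXT.encode("cp037")


def looks_like_ebcdic(data: bytes) -> bool:
    """Heuristic: EBCDIC letters and digits are all >= 0x80 and the space is
    0x40; ASCII text stays below 0x80 and uses 0x20 for the space."""
    if not data:
        return False
    high = sum(b >= 0x80 for b in data)
    return high / len(data) > 0.5 and data.count(0x40) > data.count(0x20)


def convert_before_encrypt(record: bytes, source_cp: str = "cp037",
                           target_cp: str = "ascii") -> bytes:
    """Sender side: do the translation text-mode FTP used to do, then encrypt
    the result. Fails loudly on characters the target cannot represent."""
    return record.decode(source_cp).encode(target_cp)


def decode_after_decrypt(plaintext: bytes,
                         declared_cp: Optional[str] = None) -> str:
    """Receiver side: decode with the code page agreed with the sender.
    With no agreement, reject bytes that look like EBCDIC instead of
    handing garbage to the application."""
    if declared_cp:
        return plaintext.decode(declared_cp)
    if looks_like_ebcdic(plaintext):
        raise ValueError("payload looks like EBCDIC; agree a code page with the sender")
    return plaintext.decode("ascii")


if __name__ == "__main__":
    # What the partner sees if the decrypted bytes are read as a Windows/Latin text file.
    print(repr(EBCDIC_RECORD.decode("latin-1")))
    # The same record after either fix.
    print(convert_before_encrypt(EBCDIC_RECORD).decode("ascii"))
    print(decode_after_decrypt(EBCDIC_RECORD, declared_cp="cp037"))
```
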

