I'm not trying to be a jerk here, but does this mean that all someone needs is your product and knowledge of the id used, in order to generate the key(s) to decrypt data encrypted with that id???
I am probably missing something here, but it sounds like there is something intrinsically wrong with that premise. All the best, Scott T. Harder Mainframe Services, Inc. Naples, FL > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On > Behalf Of Phil Smith III > Sent: Tuesday, March 23, 2010 12:01 PM > To: IBM-MAIN@bama.ua.edu > Subject: Re: Encryption software? > > Hal Merritt wrote: > >I am beginning to think that the silence of major players is meaningful. > > >I can report one horror story: pay close attention to your key manangment > process. The whole process to include entry, change, and propagation to a > recovery site. That whole sand box looks to be very fragile by design. > And, without keys, the data is unrecoverable. > > >I'm really worried that there are a lot of worthless backups out there > that won't be discovered until it is way too late. > > Indeed. "Encryption is easy, key management is hard". That's why the > Voltage solutions all use keynames (identities) defined *by the user* > (they look like email addresses, and actually are for Voltage SecureMail, > but need not be for Voltage SecureData). Keys are generated based on a > Master Secret and that identity *on the fly*. Thus keys need not be backed > up, and key servers replicated with the same Master Secret will generate > the same key for the same identity. > > Our customers love this flexibility: no constant key server backups, easy > failover and geographic replication, and applications can share keys by > using the same identity, without having to pass keys themselves around. > > ...phsiii > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
