Scott T. Harder wrote: >My interest is based on my involvement, not too long ago, with a commercial >z/OS crypto product where I had been looking at creating a key server to be >stored on z/OS (for all the usual and (I feel) proper reasons... RAS, etc.), >providing the kind of unique and value-add management features such that you >have described with your product; but also wanted to stay inside the lines >with our crayon when it came to compatibility with existing key management >methodologies (ICSF); and use those for all that is the best of the breed >(no need to re-invent the wheel, right?). This, for both symmetric and >asymmetric keys, as well. Not a simple project and mine never got off the >ground (won't go into it); but I admire someone (an entire team, I'm sure) >that was able to take this on and have some level of success.
Sounds like an interesting project, but, as (I hope) I've shown, a tough nut to crack. Voltage has been doing this for eight years, has over 800 customers, so I think we've pretty well got the entire shell removed :-) One more feature of Format-Preserving Encryption that I should have mentioned: since it's using the same character set, you can encrypt on z/OS and decrypt on an ASCII machine (and vice versa). That's another bugaboo of many encryption schemes: having to either decrypt before sending over the network, or change processes to send as binary so the data isn't destroyed by the EBCDIC-ASCII translation process. Cheers, -- ...phsiii Phil Smith III [email protected] Voltage Security, Inc. www.voltage.com (703) 476-4511 (home office) (703) 568-6662 (cell) ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
