Hello ICSF We have a particular mainframe environment which is a contained Data Server (only DB2 databases and CICS). We do not have any ATM or PIN applications; we do have websphere; we do not have direct customer/user access on this machine. The non-mainframe platforms communicate with this mainframe via services like MQ and TIBCO.
We have been using TKE to securely load the Master keys only, and not operational keys. Over the years the new applications that use crypto have been installed on the other platforms. We now have a situation where we only have ONE legacy application key defined and in use in the CKDS, that is why we are now considering dismantling the optional TKE. We realise that going back to TSO panels for Master Key Administration is less secure than TKE, but find can no longer justify using TKE as the remaining application does not have a high enough CIA rating. I have two questions: 1). Are there any other customers out there that do not use TKE? 2). What is the justification for not using TKE? regards Francis ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
