In a recent note, Walt Farrell said: > Date: Tue, 28 Feb 2006 12:08:09 -0500 > > On 2/28/2006 10:47 AM, [log in to unmask] wrote: > > The good intention was to dispel the expectation, or wishful thinking, > > that the EFC could invert all transformations performed by ICSF. > > > > Clearly it fell short of the mark insofar as it easily misled you > > and me. A clarification might be helpful, such as a paraphrase > > of John E.'s words to: > > > > Data which ICSF has compressed and encrypted can be decrypted > > but not uncompressed by the Encryption Facility Client. > > That's not quite right either, gil. > I thought it was.
> Remember that there are two pieces involved. The IBM Encryption > Facility for z/OS, and the separate Encryption Facility Client. > Is "The IBM Encryption Facility for z/OS" different from ICSF? If so, I'm quite wrong. > The usual modes of operation are expected to be: > (1)(a) optionally compress, and encrypt using the Encryption Facility > for z/OS on one system; > (b) decrypt, and (if compressed) uncompress using the Encryption > Facility for z/OS on another z/OS system, or the same z/OS system. > > or > (2) (a) encrypt using the Encryption Facility for z/OS. Then > (b) decrypt on some non-z/OS system using the Encryption Facility > Client. > > or > (3) (a) encrypt on some non-z/OS system using the Encryption Facility > Client. Then > (b) decrypt on z/OS using the Encryption Facility for z/OS. > > The compression in (1)(a) is the IBM System z hardware compression, > which is not supported anywhere else but in the IBM hardware. > (Until someone reverse-engineers it. And some customers might feel uneasy having critical data compressed and/or encrypted by a technique not openly described and subject to peer review.) > Note that wherever I've said the Encryption Facility Client was running > on non-z/OS, it could also run on z/OS. However, in any case, it can > only do encryption/decryption, it cannot make use of the hardware > compression functions. > > The real point to understand is that there are two functions being > described: the Encryption Facility and the Encryption Facility Client. > Except for my use of "ICSF" where you use "the Encryption Facility" I was attempting to say what you clearly said. Was I overly terse and/or confused in my terminology? -- gil -- StorageTek INFORMATION made POWERFUL ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html