Rob Schramm wrote: >While I understand a certain amount of skepticism about the "protected" >key.. I am having difficulty understand how much less secure protected key >is from the secure key. It would seem on the surface that the protected >key is just a "child" of secure key and still very secure. Considering the >performance characteristics... it would seem to be quite attractive.
Agree 100%. I hope that whoever thought of Protected Key got rewarded appropriately: I see it as at least 99.44% as secure (and the missing .56% is only because I don't claim to be a crypto expert, not because *I* suspect any weakness). I will note that I was concerned when Protected Key came out that QSAs might not accept it as secure. As Monty Python would say, "Trouble is, sheep are very dim...once they get an idea in their 'eads, there's no shiftin' it". But to the best of my knowledge (and I've asked repeatedly) that hasn't happened. Protected Key (I almost typed "PK", but that's too close to "PKI"!) has been around almost three years now; if there was likely to be significant pushback, I'd expect it to be visible by now. ...phsiii ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
