Hello Todd,
I'll try answer your questions as best I can.
1. I am talking about z/VM z/VSE customer who is using currently CPACF to
encrypt data going to the disk and (I am not sure)
some software using CPACF for SSL.
2. Customer predict workload increase and expect to get more performance
using the Crypto Express especially in the growing SSL
demand
3. Customer is currently using CPACF with key length of 128 bits for clear
key encryption and (by internal demand) expect to move to 256 bits with the
Crypto Express
4. As far as I know there are no immediate requirements for high secured
key protection (which provided of course
by the Crypto Express)
5. The Crypto Express is offered to the customer for marketing reasons (Can
not elaborate and have to leave it vague)
Thanks for your interests and suggestions,
Arye.
On Wed, Jun 14, 2017 at 3:46 PM, Todd Arnold <arno...@us.ibm.com> wrote:
> As Phil said:
> > (arguably the firmware is slightly less secure than the tamper-resistant
> HSM, but the memory
> > used in the firmware to hold that key is protected-it's apparently not
> even visible in HMC dumps)
>
> That is correct. The memory where the key is held is associated with the
> CPACF hardware and its operation. That memory is part of the internal z
> hardware and is completely separate from any memory that the applications
> or operating system can see or use.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
