The Water Cooler


Top Secret Pervasive Encryption - TechDocs

  • 1.  Top Secret Pervasive Encryption - TechDocs

    Posted 04-02-2020 08:29 PM
    I located the current "TechDoc" for Top Secret around a Use-Case for Pervasive Encryption. These used to have ID numbers associated with them for identification but now it just seems to be a mystery HTML/PDF doc.

    How do you identify them, make comments or offer suggestions for improvement?

    This one is lacking significant amounts of detail but with no way to identify the document or contact the author?

    Here's a few questions not answered in the document:
    1) When (if) we transition from:
    PERMIT(profile1) DSN(sales.data.set.name) ACCESS(ALL) DSKEY(sales.keylabel.name)
    PERMIT(profile2) DSN(sales.data.set.addr) ACC(ALL) DSKEY(sales.keylabel.name) and other various similar rules
    to
    ALTADD(salesdpt) DSN(sales.) DSKEY(sales.keylabel.name)

    What happens to all those permits? There could be 2 or 200?

    2) Key Rotation - When the current key needs to be replaced with DSKEY(sales.keylabel.newname) do I?
    Revoke and PERMIT all those rules with the new label (if still using the permit option)?
    or
    Will ALTADD(salesdpt) DSKEY(sales.keylabel.newname) work?

    Can the doc be updated to clarify that using ALTADD for replacing a key label with a new key label is the correct process to change keys for an application?

    3) There is only one mention of CSFKEYS in this whole document. There is a significant amount of information missing about support for VSAMSMS and its need to have access to the CSFKEYS resources to assist in VSAM RLS dataset processing when implementing Pervasive Encryption?

    That is all for now. I hope that you can address the above concerns as well as how do we properly identify techdocs in general.

    Regards,




    ------------------------------
    Paul Sutton
    Information Security Engineer
    Wells Fargo
    ------------------------------


  • 2.  RE: Top Secret Pervasive Encryption - TechDocs

    Posted 04-30-2020 05:01 PM
    Paul,

    I see now that you had posted this in two places. I originally responded to this item over in the CA Top Secret Community. You can view it here.

    As before, please let me know how you would like to collaborate further. You can always reach me at kris.horgen@broadcom.com. Additionally, we are hoping to update the PE topic further in the next couple of weeks, per some of your requests.

    -Kris

    ------------------------------
    Kris Horgen
    Technical Writer
    Broadcom
    ------------------------------