Top Secret

  • 1.  Top Secret Pervasive Encryption - TechDocs

    Posted Apr 02, 2020 08:29 PM
    I located the current "TechDoc" for Top Secret around a Use-Case for Pervasive Encryption. These used to have ID numbers associated with them for identification but now it just seems to be a mystery HTML/PDF doc.

    How do you identify them, make comments or offer suggestions for improvement? 

    This one is lacking significant amounts of detail but with no way to identify the document or contact the author?

    Here are a few questions not answered in the document:
    1) When (if) we transition from:
    PERMIT(profile1) DSN(sales.data.set.name) ACCESS(ALL) DSKEY(sales.keylabel.name)
    PERMIT(profile2) DSN(sales.data.set.addr) ACC(ALL) DSKEY(sales.keylabel.name) and other various similar rules
    to
    ALTADD(salesdpt) DSN(sales.) DSKEY(sales.keylabel.name)

    What happens to all those permits? There could be 2 or 200?

    2) Key Rotation - When the current key needs to be replaced with DSKEY(sales.keylabel.newname) do I?
    Revoke and PERMIT all those rules with the new label (if still using the permit option)?
    or
    Will ALTADD(salesdpt) DSKEY(sales.keylabel.newname) work?

    Can the doc be updated to clarify that using ALTADD for replacing a key label with a new key label is the correct process to change keys for an application?

    3) There is only one mention of CSFKEYS in this whole document. There is a significant amount of information missing about support for VSAMSMS and its need to have access to the CSFKEYS resources to assist in VSAM RLS dataset processing when implementing Pervasive Encryption?

    That is all for now. I hope that you can address the above concerns as well as how do we properly identify techdocs in general.

    Regards, 




    ------------------------------
    Paul Sutton
    Information Security Engineer
    Wells Fargo
    ------------------------------


  • 2.  RE: Top Secret Pervasive Encryption - TechDocs

    Broadcom Employee
    Posted Apr 03, 2020 10:56 AM
    Hi Paul, 

    This is not a "techdoc," but rather a topic in the end user documentation. I can work with you directly to incorporate what you need. I don't see any contact details for you here in this forum, but my email is kris.horgen@broadcom.com. Looking forward to chatting with you!

    -Kris

    ------------------------------
    Kris Horgen
    Technical Writer
    Broadcom
    ------------------------------



  • 3.  RE: Top Secret Pervasive Encryption - TechDocs
    Best Answer

    Broadcom Employee
    Posted Apr 03, 2020 05:21 PM
    Paul, 

    Standing by when you are ready to collaborate on the PE content. In the meantime, some information for your inquiries:

    1) When (if) we transition from:

    PERMIT(profile1) DSN(sales.data.set.name) ACCESS(ALL) DSKEY(sales.keylabel.name)
    PERMIT(profile2) DSN(sales.data.set.addr) ACC(ALL) DSKEY(sales.keylabel.name) and other various similar rules

    to

    ALTADD(salesdpt) DSN(sales.) DSKEY(sales.keylabel.name)


    What happens to all those permits? There could be 2 or 200?

    The permits would have to be revoked and permitted without the DSKEY. When a dataset is opened, DFSMS issues an EXTRACT call. CA Top Secret first searches the permits and, if not found, CA Top Secret searches the ownership.

    2) Key Rotation - When the current key needs to be replaced with DSKEY(sales.keylabel.newname) do I?

    Revoke and PERMIT all those rules with the new label (if still using the permit option)?

    Yes
    or

    Will ALTADD(salesdpt) DSKEY(sales.keylabel.newname) work?

    Yes
    Can the doc be updated to clarify that using ALTADD for replacing a key label with a new key label is the correct process to change keys for an application?

    Yes

    3) There is only one mention of CSFKEYS in this whole document. There is a significant amount of information missing about support for VSAMSMS and its need to have access to the CSFKEYS resources to assist in VSAM RLS dataset processing when implementing Pervasive Encryption?

    While we work to have more information accounted for in the doc, here is some information from IBM that you might find useful related to this:

    https://www.ibm.com/support/pages/apar/OA58159

    Talk to you soon!



    ------------------------------
    Kris Horgen
    Technical Writer
    Broadcom
    ------------------------------
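
Added example, not part of the thread or of Broadcom's documentation: a simplified Python model of the lookup order stated in the answer above (permits searched first, ownership only if no key label is found), used to flag permits that still carry an old DSKEY after the ownership-level label has been rotated. The record layout, the prefix-matching rule and the function names are assumptions made for illustration; the sample entries are constructed from the names used in the thread.

```python
# Simplified model of the lookup order described in the answer: permits are
# searched first, and ownership is used only if no key label is found there.
# Record layout and prefix matching are assumptions, not Top Secret internals.

# Constructed sample data using the names from the thread.
PERMITS = [
    {"acid": "profile1", "dsn": "sales.data.set.name", "dskey": "sales.keylabel.name"},
    {"acid": "profile2", "dsn": "sales.data.set.addr", "dskey": None},  # re-permitted without DSKEY
]
OWNERSHIP = [
    {"acid": "salesdpt", "dsn": "sales.", "dskey": "sales.keylabel.newname"},
]


def matches(pattern, dsn):
    """Assumed matching rule: exact name, or a prefix ending in '.'."""
    return dsn == pattern or (pattern.endswith(".") and dsn.startswith(pattern))


def resolve_key_label(dsn, permits, ownership):
    """Return (label, source) following permits-first, ownership-second."""
    for p in permits:
        if p["dskey"] and matches(p["dsn"], dsn):
            return p["dskey"], "permit:" + p["acid"]
    for o in ownership:
        if o["dskey"] and matches(o["dsn"], dsn):
            return o["dskey"], "owner:" + o["acid"]
    return None, None


def stale_permits(permits, ownership):
    """Permits whose DSKEY would shadow a different ownership-level label."""
    findings = []
    for p in permits:
        if not p["dskey"]:
            continue
        for o in ownership:
            if o["dskey"] and matches(o["dsn"], p["dsn"]) and o["dskey"] != p["dskey"]:
                findings.append((p["acid"], p["dsn"], p["dskey"], o["dskey"]))
    return findings


if __name__ == "__main__":
    for acid, dsn, old, new in stale_permits(PERMITS, OWNERSHIP):
        print(f"{acid}: {dsn} still carries {old}; ownership has {new}")
```

In this model the permit for profile1 keeps resolving to the old label until it is revoked and re-permitted without DSKEY, which is the cleanup step the answer describes.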