KMS Operations
FIGURE 2-3 Key Lifecycle
A potential issue:
The LTO4 drive firmware will not request a write key in the following scenario:
Read, Space, Write
The drive will use the same key obtained for the Read command to encrypt the data provided for the Write command. The state of this key may be inappropriate for writing under the policy associated with the drive (for example, an expired key).
Work-Around:
Assign the drive to a Key Group whose key policy has a long encryption period. An encryption period of a year or longer is recommended.
Details:
The
Most applications go through this sequence of operations when appending data to a tape.
The end result is that encryption keys previously used on that tape will continue to be used for write operations even if the state of the key has changed to expired or compromised.
The encryption period is a user-defined policy.
An encryption period of a year or longer is recommended to mitigate the risk of write operations using an expired key. Most applications write sequentially to a tape cartridge until it is full. It is rare that a customer would not fill a tape cartridge with data within a year.
This is a low-impact issue due to the ability to mitigate exposure with a user-defined encryption period and due to the
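The following model, added here as an illustration and not code from the KMS, the drive firmware or this manual, replays the Read, Space, Write sequence against a key whose encryption period has lapsed and shows why a longer period avoids the out-of-policy write. The class names, the day-0 write date and the period lengths are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
# Constructed model for illustration only; not KMS or drive firmware code.

@dataclass
class Key:
    key_id: str
    created: datetime
    encryption_period: timedelta          # set by the Key Group's key policy
    state: str = "active"                 # "active", "expired" or "compromised"
    def usable_for_write(self, now):
        # Policy view: new data may be encrypted only by an active key inside its encryption period.
        return self.state == "active" and now < self.created + self.encryption_period

class Kms:
    def __init__(self, encryption_period):
        self.encryption_period, self.keys = encryption_period, {}
    def new_write_key(self, now):
        key = Key("K%d" % (len(self.keys) + 1), now, self.encryption_period)
        self.keys[key.key_id] = key
        return key

class Lto4Drive:
    """Models the behaviour described above: the key obtained for a Read stays
    loaded and a following Write reuses it without a fresh key request."""
    def __init__(self, kms):
        self.kms, self.loaded_key = kms, None
    def read(self, tape_key_id):
        self.loaded_key = self.kms.keys[tape_key_id]   # the only key request in the sequence
    def space(self):
        pass                                           # positioning only, no key request
    def write(self, now):
        if self.loaded_key is None:                    # only an empty drive asks for a write key
            self.loaded_key = self.kms.new_write_key(now)
        return self.loaded_key

def simulate_append(period_days, append_after_days, key_state="active"):
    """Write a tape on day 0, then append later with Read, Space, Write.
    Returns (key id used for the append, whether policy allowed writing with it)."""
    kms = Kms(timedelta(days=period_days))
    day0 = datetime(2024, 1, 1)
    first_key = Lto4Drive(kms).write(day0)             # initial write: fresh key from the KMS
    first_key.state = key_state                        # state an administrator may have set since
    later = day0 + timedelta(days=append_after_days)
    drive = Lto4Drive(kms)                             # same cartridge mounted again
    drive.read(first_key.key_id)
    drive.space()
    used = drive.write(later)
    return used.key_id, used.usable_for_write(later)
```

With a 30-day period the append 45 days later still encrypts with the original key outside its policy; with a 365-day period the same append stays within policy, which is the effect of the work-around.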
It is recommended that the customer not destroy encryption keys as a means to enforce data
316196601 • Revision: A | Chapter 2 Dione Card 11 |