If I were to have my Information Security team provide only one of the 
passphrases when setting up the KMS database, which one would it be?

In other words, which one would be required to rebuilt the entire databsae, and 
without it I would not be able to re-create any of the keys used by the tape 
drives?

We don't want any one person to be able to re-create the database using the 
passphrases.

I'm leaning towards the Key Protection key as it seems to tie into all the 
other keys, were the Host Master key is only there to protect the Key 
Protection key and nothing else.

Am I on the right path here?

+----------------------------------------------------------------------
|This was sent by spaldam AT spaldam DOT com via Backup Central.
|Forward SPAM to abuse AT backupcentral DOT com.
+----------------------------------------------------------------------


_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu