[ksk-change] Keeping two KSK keys long term
Michael StJohns
msj at nthpermutation.com
Wed Oct 1 23:39:18 UTC 2014
On 10/1/2014 7:26 PM, David Conrad wrote:
> Gaining unauthorized access to that HSM would be “bad”,
This is one of those misperceptions that's important to correct quickly.
Gaining access to an HSM, _*along with its ignition keys*_ would be
bad. Gaining access to the HSM by itself shouldn't be. The whole
purpose of an HSM is to make generic access to the HSM non-bad. E.g.
the key's locked inside and without the use credential you ain't going
to get it to do anything. Attempts to extract a key will fail and
ideally cause the HSM to zeroize.
> so we’re probably not talking about storing the HSM under somebody’s bed.
Actually, why not? If it's a good HSM, then it's a piece of iron without
the credentials to enable it. The critical piece is to figure out how
to prevent combination of the HSM with the unlocking credentials until
policy says you should, and that's a different problem than keeping the
HSM in a vault or under a bed.
E.g. steal my smart card (another HSM, albeit in a smaller form factor)
and it's of no use to you without the PIN.
Later, Mike