[ksk-change] Keeping two KSK keys long term

Richard Lamb richard.lamb at icann.org
Thu Oct 2 03:53:10 UTC 2014

I agree based on the principles behind the original ksk management design
(equal security for all).  But happy to entertain other approaches if the
community is willing to sign off on the risks. -R

-----Original Message-----
From: ksk-rollover-bounces at icann.org [mailto:ksk-rollover-bounces at icann.org]
On Behalf Of Paul Hoffman
Sent: Wednesday, October 01, 2014 4:04 PM
To: Tomofumi Okubo
Cc: ksk-rollover at icann.org
Subject: Re: [ksk-change] Keeping two KSK keys long term

On Oct 1, 2014, at 3:48 PM, Tomofumi Okubo <tomofumi.okubo at gmail.com> wrote:

> It will roughly cost around 500k to set up one key ceremony room but 
> it's more about the overhead to manage the facilities.

I propose that this additional key need a new key ceremony room; in fact,
that idea hadn't even occurred to me. Create the key in one of the current
rooms, then drive the HSM to some other location and plant it there. Rent a
party bus for the participants so that they can watch the HSM the whole
time. You can even have the HSM sign something at the new location to prove
that it is the same key that was created at the first place.

Again, I'm only proposing this because my reading of 5011 makes it seem like
having a second active KSK would be better if one of the KSKs is
accidentally or purposely made unusable. Mike seems to agree with this; do
others disagree?

--Paul Hoffman
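The RFC 5011 argument above, worked as an added example (not code from anyone on this thread): a minimal Python model of a validating resolver's trust-anchor state, assuming hypothetical key IDs "A" and "B", the 30-day add hold-down, and a DNSKEY RRset observation abstracted as (key_id, flags) pairs plus the set of keys whose signatures over it verified. With a single Valid anchor, a self-signed revocation leaves the resolver with no trust anchor at all; with a second anchor that has already aged through the hold-down, validation continues.

```python
from dataclasses import dataclass, field

REVOKE_BIT = 0x0080            # RFC 5011 sec. 2.1: REVOKE bit in the DNSKEY flags field
ZONE_SEP = 257                 # ZONE + SEP flags, the usual KSK flag value
ADD_HOLD_DOWN = 30 * 86400     # RFC 5011 sec. 2.4.1: 30-day add hold-down, in seconds

@dataclass
class Anchor:
    state: str                 # "AddPend", "Valid" or "Revoked"
    first_seen: int = 0        # time the key was first seen (drives the hold-down)

@dataclass
class TrustStore:
    """Minimal RFC 5011 trust-anchor model for one zone (hypothetical helper)."""
    anchors: dict = field(default_factory=dict)     # key_id -> Anchor

    def valid_anchors(self):
        return sorted(k for k, a in self.anchors.items() if a.state == "Valid")

    def observe(self, now, keys, signers):
        """Process one DNSKEY RRset: keys = [(key_id, flags)], signers = key_ids
        whose RRSIGs over the RRset verified. Returns the Valid anchors."""
        anchored = bool(set(self.valid_anchors()) & signers)
        for key_id, flags in keys:
            a = self.anchors.get(key_id)
            if flags & REVOKE_BIT:
                # A revocation counts only if self-signed by the key being revoked
                if a is not None and key_id in signers:
                    a.state = "Revoked"
                continue
            if not anchored:
                continue       # RRset not signed by a trusted key: learn nothing
            if a is None:
                self.anchors[key_id] = Anchor("AddPend", now)
            elif a.state == "AddPend" and now - a.first_seen >= ADD_HOLD_DOWN:
                a.state = "Valid"
        return self.valid_anchors()

def after_revocation(second_anchor):
    """Valid anchors left after KSK 'A' revokes itself, with or without a
    pre-published second KSK 'B' (constructed scenario, not real key data)."""
    store = TrustStore({"A": Anchor("Valid")})      # configured initial anchor
    t = 0
    if second_anchor:
        store.observe(t, [("A", ZONE_SEP), ("B", ZONE_SEP)], {"A"})          # B -> AddPend
        t += ADD_HOLD_DOWN
        store.observe(t, [("A", ZONE_SEP), ("B", ZONE_SEP)], {"A", "B"})     # B -> Valid
    keys = [("A", ZONE_SEP | REVOKE_BIT)] + ([("B", ZONE_SEP)] if second_anchor else [])
    return store.observe(t + 86400, keys, {"A", "B"} if second_anchor else {"A"})
```

Revocation of the only anchor leaves `after_revocation(False)` empty, whereas `after_revocation(True)` still returns "B"; the model ignores the Missing and Removed states, which do not affect this comparison.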