[ksk-change] Keeping two KSK keys long term

Tomofumi O tomofumi.okubo at gmail.com
Thu Oct 2 05:00:05 UTC 2014


> On Oct 1, 2014, at 8:53 PM, Richard Lamb <richard.lamb at icann.org> wrote:
> I agree based on the principles behind the original ksk management design
> (equal security for all).  But happy to entertain other approaches if the
> community is willing to sign off on the risks. -R
> -----Original Message-----
> From: ksk-rollover-bounces at icann.org [mailto:ksk-rollover-bounces at icann.org]
> On Behalf Of Paul Hoffman
> Sent: Wednesday, October 01, 2014 4:04 PM
> To: Tomofumi Okubo
> Cc: ksk-rollover at icann.org
> Subject: Re: [ksk-change] Keeping two KSK keys long term
>> On Oct 1, 2014, at 3:48 PM, Tomofumi Okubo <tomofumi.okubo at gmail.com> wrote:
>> It will roughly cost around 500k to set up one key ceremony room but 
>> it's more about the overhead to manage the facilities.
> I propose that this additional key need a new key ceremony room; in fact,
> that idea hadn't even occurred to me. Create the key in one of the current
> rooms, then drive the HSM to some other location and plant it there. Rent a
> party bus for the participants so that they can watch the HSM the whole
> time. You can even have the HSM sign something at the new location to prove
> that it is the same key that was created at the first place.
> Again, I'm only proposing this because my reading of 5011 makes it seem like
> having a second active KSK would be better if one of the KSKs is
> accidentally or purposely made unusable. Mike seems to agree with this; do
> others disagree?
> --Paul Hoffman
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover

More information about the ksk-rollover mailing list