[ksk-change] Keeping two KSK keys long term

Tomofumi Okubo tomofumi.okubo at gmail.com
Thu Oct 2 17:41:13 UTC 2014

Hello Al,

If someone is able to sabotage your key management operation, you will have bigger issues before performing any cryptographic operations. It's a huge damage to the reputation/trust. I believe this is why you have very good protection and monitoring around your KMF.

Also, I personally love HSMs but unfortunately, I cannot fully trust them when it comes to key management. If someone gets hold of the HSM we don't know if there is a flaw or backdoor that allows the adversary to extract the key. This is why we implement compensating controls to prevent it from happening.

I'm paranoid to a point that I need to know where the key material resides and when they are used. But this is more from an information security practitioner's standpoint rather than an engineer.


> On Oct 2, 2014, at 10:13, "Bolivar, Al" <abolivar at verisign.com> wrote:
> Tomofumi,
> In the scenario you are talking about the adversary would gain access to
> both HSMs at one of the facilities right? Then you could still use the
> other two HSMs you have at the other facility, provided they didn¹t get
> access to the smart cards (credentials) as well. You could then import the
> KSK into new HSMs via the APP cards.
> Thanks,
> Al
>> On 10/1/14, 9:22 PM, "Tomofumi Okubo" <tomofumi.okubo at gmail.com> wrote:
>> Hello Mike,
>> On Wed, Oct 1, 2014 at 4:39 PM, Michael StJohns <msj at nthpermutation.com>
>> wrote:
>>> On 10/1/2014 7:26 PM, David Conrad wrote:
>>> Gaining access to an HSM, along with its ignition keys would be bad.
>>> Gaining access to the HSM by itself shouldn't be.  The whole purpose of
>>> an
>>> HSM is to make generic access to the HSM non-bad.  E.g. the key's locked
>>> inside and without the use credential you ain't going to get it to do
>>> anything.  Attempts to extract a key will fail and ideally cause the
>>> HSM to
>>> zeroize.
>> I do agree that in general, gaining access to the HSM is not
>> equivalent to gaining access to the key materials on the HSM if its
>> without the credentials although, if the adversary's objective is to
>> sabotage the operation, they can simply destroy the HSM (and key that
>> resides on it) so I still believe that unauthorized access to the HSM
>> is pretty bad (from a key management standpoint).
>> Cheers,
>> Tomofumi
>> _______________________________________________
>> ksk-rollover mailing list
>> ksk-rollover at icann.org
>> https://mm.icann.org/mailman/listinfo/ksk-rollover

More information about the ksk-rollover mailing list