[ksk-change] Keeping two KSK keys long term

Bolivar, Al abolivar at verisign.com
Thu Oct 2 17:42:45 UTC 2014

I would like to add that I support the addition of another vendor.
Tomofumi and I spoke to another vendor about introducing a competing FIPS
140-2 level 4 HSM. In my opinion having other choices will be positive.



On 10/1/14, 6:48 PM, "Tomofumi Okubo" <tomofumi.okubo at gmail.com> wrote:

>On Wed, Oct 1, 2014 at 3:09 PM, Paul Hoffman <paul.hoffman at vpnc.org>
>> On Oct 1, 2014, at 2:15 PM, Jakob Schlyter <jakob at kirei.se> wrote:
>> With all due respect, I'd like to see those numbers. The cost is
>>approximately "have an extra HSM stored somewhere where the other HSMs
>>are not". I'm not sure how expensive that can be relative to "fly a
>>bunch of folks around twice a year for the ceremonies", much less
>>relative to "if we needed it, we could show people we had planned for
>It will roughly cost around 500k to set up one key ceremony room but
>it's more about the overhead to manage the facilities.
>Even if we don't store the HSMs for the backup keys at a different
>location, I think introducing a different brand of HSM for the backup
>key would have it's own benefits. We can prevent vendor lock-in and a
>single HSM brand failing (critical flaw in hardware etc...) and
>needing to do a full trust reboot. Not to mention, this will cost a
>lot of money (around 150k) too.
>ksk-rollover mailing list
>ksk-rollover at icann.org

More information about the ksk-rollover mailing list