[ksk-change] Keeping two KSK keys long term
Bolivar, Al
abolivar at verisign.com
Thu Oct 2 20:01:27 UTC 2014
Mike,
SafeNet is working with IBM to come up with a FIPS 140 level 4 HSM.
I don't know what the current state of development is but do you think
it's worth asking them if they could incorporate a trusted path
authentication that has a bit more flexibility?
The worst thing that could happen is they say no.
Thanks,
Al
On 10/2/14, 2:06 PM, "Michael StJohns" <msj at nthpermutation.com> wrote:
>On 10/2/2014 1:42 PM, Bolivar, Al wrote:
>> I would like to add that I support the addition of another vendor.
>> Tomofumi and I spoke to another vendor about introducing a competing FIPS
>> 140-2 level 4 HSM. In my opinion having other choices will be positive.
>>
>> Thanks,
>>
>> Al
>
>One of my pet peeves with the HSM vendors is that none of them provide
>more than rudimentary policy controls on the use of keys. I keep
>waiting for someone to make an HSM that implements either the Javacard
>Connected standards or something similar so I can define a programmatic
>policy wrapper more comprehensive than "I need a PIN to use it" "I need
>two PINs to use it" "I need a smart card to use it" etc. I can do this
>on a smart card, why is it so hard to do it on a big iron HSM?
>
>Mike