[ksk-change] FIPS-140 levels

Paul Hoffman paul.hoffman at vpnc.org
Sun Oct 5 22:16:51 UTC 2014

On Oct 5, 2014, at 2:50 PM, Tomofumi Okubo <tomofumi.okubo at gmail.com> wrote:

> What you suggested is simply lowering the security level for
> convenience as you did not suggest compensating controls.

It wasn't "for convenience", it was to enable us to have a wider choice of HSMs that meet our needs. For example, one of our possible needs is "have HSMs from a variety of manufacturers", which is something you proposed just the other day. Another possible need is "have an HSM that uses the signing algorithm we want", given that there are some people who want to move towards modern elliptic curve signatures in the future.

> Instead you
> just suggested removing controls as it is overlapping with existing
> ones.

I did not propose "removing controls": I proposed meeting specific requirements ourselves if IANA can do it better. If the tamper evidence provided by the additions in the Level 2 part of an HSM's FIPS-140 certification is as good as, or not even as good as, what is provided by IANA's design (the tamper-evident bags), then it is not an actual control. The same is true for Level 3 and Level 4, I believe. I'm not sure, so I'm asking for others who know the specifics of how the levels are met *in HSMs* to comment.

> IMHO, it is better to have tamper evidence (level2) and tamper
> resistance (level3) at the HSM level.

Why? This is a serious question. Why rely on the tamper evidence and tamper resistance of a system when you can add better functionality for both, which is what IANA is already doing?

> I personally think the
> environmental controls (level4) might be too much but it is true that
> it has controls that protects the cryptographic key from different
> type of attacks.

In the case of the HSMs that IANA uses, what specific attacks are those? I would be somewhat surprised if the same controls weren't required for Level 1, but you are more familiar with how HSMs meet the FIPS-140 requirements.

--Paul Hoffman

More information about the ksk-rollover mailing list