[ksk-change] FIPS-140 levels

S Moonesamy sm+icann at elandsys.com
Mon Oct 6 23:24:13 UTC 2014


Hi Tomofumi,
At 15:37 06-10-2014, Tomofumi Okubo wrote:
>Yes, that's right but that is if the other security controls
>successfully detects the compromise.
>The mechanism on the HSM will be the last line of defense if the other
>security controls fail for some reason. This is why in the ICANN
>definition, HSM is labelled as Tier 7.

The HSM is currently at Tier 6.  If I recall correctly I commented 
about that previously.    I suggested a change a few months ago.  I 
am waiting for feedback about the suggestion.

Regards,
S. Moonesamy 



More information about the ksk-rollover mailing list