[ksk-change] FIPS-140 levels
Tomofumi Okubo
tomofumi.okubo at gmail.com
Tue Oct 7 00:10:20 UTC 2014
Hello Subramanian,
In the current design, HSM is in Tier 6 (Safe) and the HSM itself is
defined as Tier 7.
I'm probably not subscribed in the list you posted the suggestion... I
will ask the key managers.
Cheers,
Tomofumi
On Mon, Oct 6, 2014 at 4:24 PM, S Moonesamy <sm+icann at elandsys.com> wrote:
> Hi Tomofumi,
> At 15:37 06-10-2014, Tomofumi Okubo wrote:
>>
>> Yes, that's right but that is if the other security controls
>> successfully detects the compromise.
>> The mechanism on the HSM will be the last line of defense if the other
>> security controls fail for some reason. This is why in the ICANN
>> definition, HSM is labelled as Tier 7.
>
>
> The HSM is currently at Tier 6. If I recall correctly I commented about
> that previously. I suggested a change a few months ago. I am waiting for
> feedback about the suggestion.
>
> Regards,
> S. Moonesamy
More information about the ksk-rollover
mailing list