[ksk-change] FIPS-140 levels

Tomofumi Okubo tomofumi.okubo at gmail.com
Tue Oct 7 00:10:20 UTC 2014

Hello Subramanian,

In the current design, HSM is in Tier 6 (Safe) and the HSM itself is
defined as Tier 7.

I'm probably not subscribed in the list you posted the suggestion... I
will ask the key managers.


On Mon, Oct 6, 2014 at 4:24 PM, S Moonesamy <sm+icann at elandsys.com> wrote:
> Hi Tomofumi,
> At 15:37 06-10-2014, Tomofumi Okubo wrote:
>> Yes, that's right but that is if the other security controls
>> successfully detects the compromise.
>> The mechanism on the HSM will be the last line of defense if the other
>> security controls fail for some reason. This is why in the ICANN
>> definition, HSM is labelled as Tier 7.
> The HSM is currently at Tier 6.  If I recall correctly I commented about
> that previously.    I suggested a change a few months ago.  I am waiting for
> feedback about the suggestion.
> Regards,
> S. Moonesamy

More information about the ksk-rollover mailing list