[ksk-rollover] followup of DNSSEC Workshop at ICANN64

Michael Richardson mcr+ietf at sandelman.ca
Mon Mar 18 14:59:00 UTC 2019

Hi, thank you for the reply and context.

S Moonesamy <sm+icann at elandsys.com> wrote:
    > At 01:24 PM 17-03-2019, Michael Richardson wrote:
    >> Brute force is not the only attack: there are possible "Mission
    >> Impossible"-like exfiltration attacks against the HSM(s). Do these
    >> attacks
    >> depend upon how many keys there are?  I don't think so.

    > After the last KSK Ceremony, there was a discussion with the Root Zone
    > Manager (Public Technical Identifiers) about the physical controls for
    > the facility [1] where some of the HSMs are located. I took the
    > concerns raised on the different threads [2] into account for that
    > discussion.  The issue, as I see it, is not whether an "exflitration
    > attack" could happen; it is whether
    > it will be detected and publicly disclosed.

I am not addressing the absolute risk of exfiltration attacks,
but rather asking if having more keys in the HSM causes a relative
change to the risk of exfiltration attacks.

More keys generated might mean that the HSM is unlocked more often,
but I don't think this would be the case.  My understanding is that the HSMs
need to be acccessed on a regular basis by the Security Officers anyway in
order to sign new ZSKs.

Michael Richardson <mcr+IETF at sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190318/ade40b79/signature.asc>

More information about the ksk-rollover mailing list