[ksk-rollover] ICANN to generate new KSK

Aaron Foley aaron.foley at iana.org
Fri Mar 1 00:01:49 UTC 2024


Hi Michael,

>I have the spec sheets open in some tabs, because I was curious what kind of
>backup/restore/extraction features it had. As I said: do we get screwed each
>time someone obsoletes a product?
>But, Mike asked far more interesting questions.


I suppose the answer to your question is relative to your definition. I would argue that if history were to repeat itself again in the future, we'd be in a better position for several reasons. 

Firstly, IANA have developed a combined HSM and KSK rollover plan to address Ultra Electronics' exit from the HSM market, and much of the plan could be recycled later if required.

Andres linked this document in his response earlier describing our rationale for deciding on Thales and their Luna HSMs to replace the Keyper HSMs currently in use: https://www.icann.org/en/system/files/files/hardware-security-module-replacement-2024-28feb24-en.pdf

The document contains considerations and rationale for the decision. One major factor was the size of Thales in the HSM market, and their long-term viability as a manufacturer.

Another attractive feature of the Thales HSMs is their iKey model for credentials. The iKeys have been used across several generations of HSM products, and it's very likely they'll continue to be used with future HSMs. Because the hardware lifecycle of the Luna G7 HSMs far exceeds the idealized lifecycle of a KSK, this would allow us to seamlessly migrate to new Thales HSMs in conjunction with a KSK rollover with far reduced operational complexity.

In the unlikely event Thales did completely exit the HSM market, due to the last point we anticipate having ample time to identify a suitable replacement. Additionally, we anticipate less risk of HSM life expectancy forcing a compressed timeline to make that decision and organize the logistics.

We appreciate your concern and hope this provides some degree of assurance,

-Aaron


