[ksk-rollover] Thales Luna Credentials questions
Will Tubby
willtubby2005 at gmail.com
Sun Mar 3 19:18:26 UTC 2024
Hi,
I have a few questions about the key cards.
>From looking at the document linked in response to mike I believe that the
CO and SO cards act the same as they did on the Keyper. It also appears
that the AAK and APP cards are combined to form the domain cards. Is this
correct?
I can not seem to find an alternative to the OP cards, is there a reason
for this.
Additionally I can not seem to find a replacement for SMK cards.
I attempted to investigate myself and found that when the SMK cards were
used to set up a new HSM only 3 cards were used and they were already in
the KMF. I thought that SMK cards are held by RKSHs and that 5 are
required, not 3.
Also a backup HSM is mentioned in the document. Is this in place of an APP
card?
What credentials will be required to transfer a KSK to a new HSM?
What credentials will be required to apply existing cards to a new HSM?
What credentials will be required to decrypt the KSK backup?
Kind Regards
Will
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/ksk-rollover/attachments/20240303/e57afadb/attachment.html>
More information about the ksk-rollover
mailing list