<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 10/1/2014 7:26 PM, David Conrad
wrote:<br>
</div>
<blockquote
cite="mid:8CD78E83-0553-465D-A3EA-3F72FF76CBDC@icann.org"
type="cite">
<pre wrap="">Gaining unauthorized access to that HSM would be “bad”,</pre>
</blockquote>
<br>
This is one of those misperceptions that's important to correct
quickly.<br>
<br>
Gaining access to an HSM, <u><b>along with its ignition keys</b></u>
would be bad. Gaining access to the HSM by itself shouldn't be.
The whole purpose of an HSM is to make generic access to the HSM
non-bad. E.g. the key's locked inside and without the use
credential you ain't going to get it to do anything. Attempts to
extract a key will fail and ideally cause the HSM to zeroize.<br>
<br>
<blockquote type="cite">
<pre wrap="">so we’re probably not talking about storing the HSM under somebody’s bed.</pre>
</blockquote>
Actually, why not? If its a good HSM, then its a piece of iron
without the credentials to enable it. The critical piece is to
figure out how to prevent combination of the HSM with the unlocking
credentials until policy says you should, and that's a different
problem that keeping the HSM in a vault or under a bed.<br>
<br>
E.g. steal my smart card (another HSM, albeit in a smaller form
factor) and its of no use to you without the PIN.<br>
<br>
Later, Mike<br>
<br>
<br>
<br>
</body>
</html>