<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 10/1/2014 7:44 PM, David Conrad
wrote:<br>
</div>
<blockquote
cite="mid:86C89E10-2FBF-4A16-848E-D2B0827F66EA@icann.org"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div>Mike,</div>
<div><br>
</div>
On Oct 1, 2014, at 4:39 PM, Michael StJohns <<a
moz-do-not-send="true" href="mailto:msj@nthpermutation.com">msj@nthpermutation.com</a>>
wrote:<br>
<div>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 10/1/2014 7:26 PM, David
Conrad wrote:<br>
</div>
<blockquote
cite="mid:8CD78E83-0553-465D-A3EA-3F72FF76CBDC@icann.org"
type="cite">
<pre wrap="">Gaining unauthorized access to that HSM would be “bad”,</pre>
</blockquote>
This is one of those misperceptions that's important to
correct quickly.<br>
</div>
</blockquote>
<div><br>
</div>
Fair enough. Poor wording. Apologies.</div>
<div><br>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">Gaining access to an
HSM, <u><b>along with its ignition keys</b></u> would be
bad. </div>
</blockquote>
<div><br>
</div>
Yes. I’d assumed this was understood.</div>
<div>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000">
<blockquote type="cite">
<pre wrap="">so we’re probably not talking about storing the HSM under somebody’s bed.</pre>
</blockquote>
Actually, why not? </div>
</blockquote>
<div><br>
</div>
<div>Because it increases the risk of being able to gain full
access since you only need to get the other half (the
“unlocking credentials”).</div>
</div>
</blockquote>
<br>
AIRC the unlocking credentials for the HSM require something more
than just a single smart card? You'd need to grab the HSM, plus
enough of the unlocking credentials to enable the device.<br>
<br>
It's mostly just a numbers game. I'm going to follow up on
Richard's note with a more comprehensive discussion.<br>
<br>
<br>
<blockquote
cite="mid:86C89E10-2FBF-4A16-848E-D2B0827F66EA@icann.org"
type="cite">
<div><br>
</div>
<div>Regards,</div>
<div>-drc</div>
<div><br>
</div>
<br>
</blockquote>
<br>
</body>
</html>