[ksk-change] Keeping two KSK keys long term
Michael StJohns
msj at nthpermutation.com
Thu Oct 2 18:06:40 UTC 2014
On 10/2/2014 1:42 PM, Bolivar, Al wrote:
> I would like to add that I support the addition of another vendor.
> Tomofumi and I spoke to another vendor about introducing a competing FIPS
> 140-2 level 4 HSM. In my opinion having other choices will be positive.
>
> Thanks,
>
> Al
One of my pet peeves with the HSM vendors is that none of them provide
more than rudimentary policy controls on the use of keys. I keep
waiting for someone to make an HSM that implements either the Javacard
Connected standards or something similar so I can define a programmatic
policy wrapper more comprehensive than "I need a PIN to use it", "I need
two PINs to use it", "I need a smart card to use it", etc. I can do this
on a smart card, why is it so hard to do it on a big iron HSM?
Mike