<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1541242358;
mso-list-type:hybrid;
mso-list-template-ids:-1352082774 -658071192 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.25in;
text-indent:-.25in;
font-family:"Calibri",sans-serif;
mso-fareast-font-family:Calibri;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.25in;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.75in;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.25in;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.75in;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.25in;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.75in;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:4.25in;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style></head><body lang=EN-US link="#0563C1" vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>Hi Mike,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thales Luna USB G7 HSM is a standalone hardware cryptographic module. The cryptographic module is contained in its own enclosure that provides physical resistance and tamper-evidence. Any tampering that might compromise a module's security is detectable by visual inspection of the physical integrity of a module.<o:p></o:p></p><p class=MsoNormal>Within the plastic enclosure, a hard opaque epoxy covers the circuitry of the cryptographic module. Attempts to remove this epoxy will cause sufficient damage to the cryptographic module so that it is rendered inoperable.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The module is designed to sense and respond to out-of-range temperature conditions as well as out-of-range voltage conditions. The temperature and voltage conditions are monitored in the power-on state. If the module senses an out-of-range temperature or over voltage, the module will reset itself, clear all working memory and log the event.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The module is accessed directly (i.e., electrically) over the USB interface. It also has an LCD touchscreen for displaying system status.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>It has a small internal backup battery (3.6V) that is only used to power the module's real-time clock.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The HSM will be stored in a Secure Transport Mode (STM). a random string and a fingerprint of the internal state of the module is output from the module. The fingerprint is a SHA2-256 digest of the random string, module CSPs, firmware, module configuration information, and non-volatile memory. Only the HSM Security Officer (SO) credential can put the module into STM and take it out of STM.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Additionally, the HSM will be stored in a Tamper-Evident Bag (TEB) inside of the safe.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>More information about the analysis of the HSM selection can be found here <a href="https://www.icann.org/en/system/files/files/hardware-security-module-replacement-2024-28feb24-en.pdf">https://www.icann.org/en/system/files/files/hardware-security-module-replacement-2024-28feb24-en.pdf</a> <o:p></o:p></p><p class=MsoNormal>This goes into detail outlining the differences between the FIPS security levels, tamper monitoring levels, etc.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Responding to your specific questions:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Is there an internal battery?<o:p></o:p></p><ul style='margin-top:0in' type=disc><li class=MsoListParagraph style='margin-left:-.25in;mso-list:l0 level1 lfo1'>Only the small internal backup battery (3.6V) is used to power the module's real-time clock.<o:p></o:p></li></ul><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Is it replaceable?<o:p></o:p></p><ul style='margin-top:0in' type=disc><li class=MsoListParagraph style='margin-left:-.25in;mso-list:l0 level1 lfo1'>No<o:p></o:p></li></ul><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>How often does this USB HSM need to be plugged into power to maintain the internal battery?<o:p></o:p></p><ul style='margin-top:0in' type=disc><li class=MsoListParagraph style='margin-left:-.25in;mso-list:l0 level1 lfo1'>Doesn't have an internal battery to power the cryptographic module.<o:p></o:p></li></ul><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>What happens if you leave it in a safe for a year - or alternately, how long can the unit remain unplugged before it wipes its keys?<o:p></o:p></p><ul style='margin-top:0in' type=disc><li class=MsoListParagraph style='margin-left:-.25in;mso-list:l0 level1 lfo1'>The keys will remain in the HSM as long the HSM is not tampered.<o:p></o:p></li></ul><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>What's the lifetime of the battery before replacement?<o:p></o:p></p><ul style='margin-top:0in' type=disc><li class=MsoListParagraph style='margin-left:-.25in;mso-list:l0 level1 lfo1'>There is no battery to power the cryptographic module that needs replacement.<o:p></o:p></li></ul><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Best regards,<o:p></o:p></p><div><div><div><p class=MsoNormal>--<o:p></o:p></p><p class=MsoNormal>Andres Pavez<o:p></o:p></p></div></div></div><p class=MsoNormal>Cryptographic Key Manager<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal style='margin-left:.5in'>On 2/29/24, 10:21, "ksk-rollover on behalf of Michael StJohns via ksk-rollover" <<a href="mailto:ksk-rollover-bounces@icann.org">ksk-rollover-bounces@icann.org</a> on behalf of <a href="mailto:ksk-rollover@icann.org">ksk-rollover@icann.org</a>> wrote:<o:p></o:p></p></div></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>Hi -<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>The product brief for the Luna USB G7 doesn't provide a lot of data. The previous HSM provided level four hardware protection - e.g. a tamper perimeter and the ability to zeroize the keys if someone tried to decap the thing. That's almost entirely dependent on having a constant power source - usually a three stage line/battery/capacitor model.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>On the PCI cards, there's a Li ion battery - a rather large one - on the card just in front of the tamper covered HSM engine. See <a href="https://thalesdocs.com/gphsm/luna/7/docs/pci/Content/install/pci_hw_install/battery_replace.htm">https://thalesdocs.com/gphsm/luna/7/docs/pci/Content/install/pci_hw_install/battery_replace.htm</a><o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><div><p class=MsoNormal style='margin-left:.5in'>The older luna USB HSM had a battery compartment - I can't see one on the images I've been able to find of the current one. It was also a most Level 2 device with L3 security.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div></div><div><p class=MsoNormal style='margin-left:.5in'>My questions are these: Is there an internal battery? Is it replaceable? How often does this USB HSM need to be plugged into power to maintain the internal battery? What happens if you leave it in a safe for a year - or alternately, how long can the unit remain unplugged before it wipes its keys? What's the lifetime of the battery before replacement?<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>Later, Mike<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p><div><p class=MsoNormal style='margin-left:.5in'>On 2/28/2024 7:20 PM, James Mitchell via ksk-rollover wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal style='margin-left:.5in'>ICANN has announced the schedule to generate the next KSK.<o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'> <o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'>Generating a new KSK restarts the process announced last year, which was suspended after it was identified that a supplier of key equipment used to store the KSK (known as a Hardware Security Module, or HSM) would be exiting the business during the expected lifespan of the new KSK.<o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'> <o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'>The next KSK will be generated on new Thales Luna USB G7 HSMs.<o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'> <o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'>The announcement and information regarding the new HSMs is published at <a href="https://www.icann.org/en/announcements/details/icann-to-generate-new-dns-cryptographic-key-at-april-2024-ceremony-28-02-2024-en">https://www.icann.org/en/announcements/details/icann-to-generate-new-dns-cryptographic-key-at-april-2024-ceremony-28-02-2024-en</a>.<o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'> <o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'>James Mitchell<o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'>IANA<o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'> <o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'><br><br><o:p></o:p></p><pre style='margin-left:.5in'>_______________________________________________<o:p></o:p></pre><pre style='margin-left:.5in'>ksk-rollover mailing list<o:p></o:p></pre><pre style='margin-left:.5in'><a href="mailto:ksk-rollover@icann.org">ksk-rollover@icann.org</a><o:p></o:p></pre><pre style='margin-left:.5in'><a href="https://mm.icann.org/mailman/listinfo/ksk-rollover">https://mm.icann.org/mailman/listinfo/ksk-rollover</a><o:p></o:p></pre><pre style='margin-left:.5in'><o:p> </o:p></pre><pre style='margin-left:.5in'>_______________________________________________<o:p></o:p></pre><pre style='margin-left:.5in'>By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://www.icann.org/privacy/policy">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a href="https://www.icann.org/privacy/tos">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></pre></blockquote><p style='margin-left:.5in'><o:p> </o:p></p></div></body></html>