[Dnssec-deployment] Root key rolling (was NIST guidance as to DNSSEC and others)
jakob at kirei.se
Thu Feb 9 02:35:26 EST 2012
On 9 feb 2012, at 01:48, Michael StJohns wrote:
> A key on the HSM can be compromised:
> via compromise of the HSM hardware,
> a fault in the HSM firmware
> by theft of the HSM along with the activation credentials,
> by theft of the HSM master keys (not sure the HSM you're using has externalized master keys - so) and the encrypted back up material.
One should note that this is instantaneously detectable by facility monitoring, security guards, alarms and whatnot, ...
> A key outside of the HSM can be compromised by:
> decrypting the backup
> which implies that you a) have a copy of the backup
> and b) have the key shares or
> c) have a way of breaking the encryption.
... whereas this is not detectable until someone launches an attack.
More information about the Dnssec-deployment