On Tue, 21 Apr 2009, Shane Kerr wrote:
When we looked at the problem of disgruntled or bribed employees, HSM (or the equivalent) was the only logical answer. Otherwise the private key can be copied off, probably without your knowledge, by trusted staff.
You could use something like Shamir's secret sharing scheme[*] to store the the private key securely outside an HSM. That can give you a 3 out of 5 trusted employees are needed everytime you need the KSK (which you would not need to have more then once every couple of weeks). But the costs of getting people together would probably end up costing a lot more then an HSM. Paul [*] http://point-at-infinity.org/ssss/ _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop