Speaking as the voice that questioned HSMs...

At 13:19 +0200 4/27/09, Peter Koch wrote:
o the WG believes that the use of HSMs for DNSSEC KSKs is useful {is that useful as in "RECOMMENDED"?} for a certain type of zones ("high profile"?) to minimize the risk of an unnoticed key compromise (copy).
I would say "it's useful" not "for a certain type of zone" but in operations where access to the signing machine cannot be sufficiently controlled for one reason or another, where the likelihood that an unauthorized person could gain access to the private key is greater than the threshold of comfort. It's not so much the kind of zone it is, but rather the way the zone is operated/engineered.
I.e., even though I'd question why an HSM is appropriate in some circumstances, I still think they can be useful in a wide range of operational models.
The term "HSM", though, doesn't imply any particular security level unless some certification is provided. If the WG would like to make recommendations here, we should keep in mind who our target audiences are and how to serve an international readership, especially if the to-be-BCP should make it into or be referenced by some RFP type document.
Perhaps we should avoid the RFC 5513 "HSM" and just spell it out - a (cryptographic) hardware support module.
--
Edward Lewis
NeuStar
You can leave a voice message at +1-571-434-5468

Getting everything you want is easy if you don't want much.