Speaking as the voice that questioned HSMs...
At 13:19 +0200 4/27/09, Peter Koch wrote:
o the WG believes that the use of HSMs for DNSSEC KSKs is useful {is
that useful as in "RECOMMENDED"?} for a certain type of zones ("high
profile"?) to minimize the risk of an unnoticed key compromise (copy).
I would say "it's useful" not "for a certain type of zone" but in
operations where access to the signing machine cannot be sufficiently
controlled for one reason or another, where the likelihood that an
unauthorized person could gain access to the private key is greater
than the threshold of comfort. It's not so much the kind of zone it
is, but rather the way the zone is operated/engineered.
I.e., even though I'd question why an HSM is appropriate in some
circumstances, I still think they can be useful in a wide range of
operational models.
The term "HSM", though, doesn't imply any particular security level
unless some certification is provided. If the WG would like to make
recommendations here, we should keep in mind who our target audiences are
and how to serve an international readership, especially if the to-be-BCP
should make it into or be referenced by some RFP type document.
Perhaps we should avoid the RFC 5513 "HSM" and just spell it out - a
(cryptographic) hardware support module.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
Getting everything you want is easy if you don't want much.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
