Randy, On Monday, 2012-10-15 05:55:16 -1000, Randy Bush <ra...@psg.com> wrote: > > A hardware HSM allows you to detect when your keys get stolen > > (provided the hardware does not implement extraction of the keys, of > > course). In our case, this is the *only* reason we use a HSM at > > all. > > i keep wondering about the use of hsms in dnssec and rpki signing. i > suspect that the threat model is not well thought out.
The only attack that I could see an HSM protecting against is an insider stealing the keys without being detected, like Alexander mentioned. The idea is that a motivated attacker could in principle make a copy of the keys - but not if they are stored in an HSM. I can't see any other actual security added. Also note that there are possible weaknesses with even an HSM, depending on how backups are made. These can be worked around with procedure and extra layers of security (cameras, access logs, ...). Even trickier is to protect against an internal conspiracy, but I don't think anyone is really seriously worried about that threat. Cheers, -- Shane _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
