At 13:03 -0500 1/21/10, Paul Wouters wrote:
> Maybe make it more explicit that an intra-organisation key change can
> and probably should happen frequently, whereas an inter-organisational
> key change, because it involves other organisations, is more difficult
> and should be kept to a minimum?

Well, "the motivation" in the historical sense is what I had in mind
when writing, as opposed to "the motivation" in the sense of the
reason for something.

> Again, think of a zone administrator who had access to a private ZSK
> leaving your organisation. It would be a good security policy to roll over
> the ZSK as part of the procedure of revoking this person's access to
> the organisation. And a good reason to have an HSM so you do not need
> to do the same with the KSK.

I don't get the last sentence of what you wrote.
The trouble is, there's no good general statement that can be made
here. There are cases in which I would say an HSM is a good thing
and there are cases where it is merely window dressing. The places
where one might think it is essential are the very places where it
might be most optional.
If we don't have an HSM and someone who had access to the key leaves,
it's not hard for us to (in the future) contact IANA and change our
key. While the HSM might prevent any employee's leaving from being a
threat, the defense against the threat is cheap (an email/phone
call/whatever to IANA).
I'm not trying to find excuses for avoiding an HSM. Just pointing
out why I can't endorse them as functional necessities.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar
You can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're not getting traction.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
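The exchange above treats "roll over the ZSK when a key holder leaves" as a single procedural step. In practice the rollover itself is a timed sequence: the new key must be visible in the DNSKEY RRset before any signature made with it appears, and the old key cannot be dropped until signatures made with it have expired from resolver caches. The following Python example is added by the editor and is not part of the thread; it computes the earliest safe time for each step of a pre-publish ZSK rollover (the method described in RFC 6781, section 4.1.1.1) from the zone's DNSKEY TTL, its maximum TTL and an operator-chosen propagation delay. All timing values in it are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ZskRolloverPlan:
    """Earliest safe time for each step of a pre-publish ZSK rollover."""
    publish_new_dnskey: datetime   # new ZSK added to the DNSKEY RRset
    sign_with_new_key: datetime    # RRSIGs switched from the old ZSK to the new one
    remove_old_dnskey: datetime    # old ZSK dropped from the DNSKEY RRset


def plan_prepublish_zsk_rollover(start: datetime,
                                 dnskey_ttl: timedelta,
                                 max_zone_ttl: timedelta,
                                 propagation_delay: timedelta) -> ZskRolloverPlan:
    """
    Pre-publish ZSK rollover timing (RFC 6781, section 4.1.1.1).

    1. Publish the new DNSKEY first, so validating resolvers cache a DNSKEY
       RRset that already contains it.
    2. Start signing with the new key only after the DNSKEY TTL plus the
       propagation delay has elapsed: by then every cached copy of the old
       DNSKEY RRset (without the new key) has expired.
    3. Remove the old DNSKEY only after the maximum zone TTL plus the
       propagation delay has elapsed since the switch: by then every cached
       RRSIG made with the old key has expired, so nothing still needs it.

    propagation_delay is the operator's estimate of how long it takes for a
    zone change to reach all authoritative servers (a constructed input here).
    """
    publish = start
    sign = publish + dnskey_ttl + propagation_delay
    remove = sign + max_zone_ttl + propagation_delay
    return ZskRolloverPlan(publish, sign, remove)


def safe_to_remove_old_key(plan: ZskRolloverPlan, now: datetime) -> bool:
    """True once the old ZSK can be withdrawn without breaking validation.

    Removing it earlier, even when the key holder has already left, leaves
    resolvers holding cached RRSIGs for which no DNSKEY can be found.
    """
    return now >= plan.remove_old_dnskey


def demo() -> ZskRolloverPlan:
    """Constructed scenario: rollover starts at the time of the thread's
    message, with a 1 h DNSKEY TTL, a 1 day maximum zone TTL and a 30 min
    propagation delay (all values assumed, not taken from the thread)."""
    return plan_prepublish_zsk_rollover(
        start=datetime(2010, 1, 21, 13, 3),
        dnskey_ttl=timedelta(hours=1),
        max_zone_ttl=timedelta(days=1),
        propagation_delay=timedelta(minutes=30),
    )


if __name__ == "__main__":
    p = demo()
    print("publish new DNSKEY :", p.publish_new_dnskey)
    print("sign with new key  :", p.sign_with_new_key)
    print("remove old DNSKEY  :", p.remove_old_dnskey)
```

The point the schedule makes concrete is that the access-revocation step (the part of the procedure under the organisation's own control) is quick, while the rollover completes only after cache lifetimes have run out; a revocation checklist should therefore record the `remove_old_dnskey` time rather than treat the rollover as done once the new key is signing.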