I would like to add that I support the addition of another vendor. Tomofumi and I spoke to another vendor about introducing a competing FIPS 140-2 level 4 HSM. In my opinion having other choices will be positive.

Thanks,
Al

On 10/1/14, 6:48 PM, "Tomofumi Okubo" <tomofumi.okubo@gmail.com> wrote:
Hello,
On Wed, Oct 1, 2014 at 3:09 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
On Oct 1, 2014, at 2:15 PM, Jakob Schlyter <jakob@kirei.se> wrote:
With all due respect, I'd like to see those numbers. The cost is approximately "have an extra HSM stored somewhere where the other HSMs are not". I'm not sure how expensive that can be relative to "fly a bunch of folks around twice a year for the ceremonies", much less relative to "if we needed it, we could show people we had planned for it".
It will roughly cost around 500k to set up one key ceremony room but it's more about the overhead to manage the facilities.
Even if we don't store the HSMs for the backup keys at a different location, I think introducing a different brand of HSM for the backup key would have its own benefits. We can prevent vendor lock-in and a single HSM brand failing (critical flaw in hardware etc...) and needing to do a full trust reboot. Not to mention, this will cost a lot of money (around 150k) too.
Cheers,
Tomofumi

_______________________________________________
ksk-rollover mailing list
ksk-rollover@icann.org
https://mm.icann.org/mailman/listinfo/ksk-rollover