Hello Paul,
On Thu, Oct 2, 2014 at 12:11 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
1) Is there an advantage to having two long-term KSKs in the same facilities that we have now?
Yes. I mentioned this before but the backup key could reside on different HSMs. This will prevent vendor lock-in and reduce the risk of all HSMs going bad at once for some reason (critical flaw etc...).
2) Is there sufficient funding to having an additional facility (or two) for the additional KSK?
I'm not sure about this one... Just FYI, to build a facility from scratch, it will take at least 6 - 8 months. To update the policies and procedures in a manner that it won't affect the third party audit, it will take at least another 6 months including the inspection by the auditors. Cheers! Tomofumi