Hi, thank you for the reply and context.

S Moonesamy <sm+icann@elandsys.com> wrote:
> At 01:24 PM 17-03-2019, Michael Richardson wrote:
>> Brute force is not the only attack: there are possible "Mission
>> Impossible"-like exfiltration attacks against the HSM(s). Do these
>> attacks depend upon how many keys there are? I don't think so.
>
> After the last KSK Ceremony, there was a discussion with the Root Zone
> Manager (Public Technical Identifiers) about the physical controls for
> the facility [1] where some of the HSMs are located. I took the
> concerns raised on the different threads [2] into account for that
> discussion. The issue, as I see it, is not whether an "exfiltration
> attack" could happen; it is whether it will be detected and publicly
> disclosed.

I am not addressing the absolute risk of exfiltration attacks, but rather
asking if having more keys in the HSM causes a relative change to the risk
of exfiltration attacks.

More keys generated might mean that the HSM is unlocked more often, but I
don't think this would be the case. My understanding is that the HSMs need
to be accessed on a regular basis by the Security Officers anyway in order
to sign new ZSKs.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-