Hi Michael, I would like to disclose that I am one of the Crypto Officers. For the sake of transparency, I'll mention that my travel expenses for the last KSK Ceremony were sponsored by ICANN. Please let me know if you would like to have more information about that or anything else which might cause a potential conflict of interest. At 01:24 PM 17-03-2019, Michael Richardson wrote:
Brute force is not the only attack: there are possible "Mission Impossible"-like exfiltration attacks against the HSM(s). Do these attacks depend upon how many keys there are? I don't think so.
After the last KSK Ceremony, there was a discussion with the Root Zone Manager (Public Technical Identifiers) about the physical controls for the facility [1] where some of the HSMs are located. I took the concerns raised on the different threads [2] into account for that discussion. The issue, as I see it, is not whether an "exflitration attack" could happen; it is whether it will be detected and publicly disclosed. Regards, S. Moonesamy 1. There are two facilities. I am commenting on the one which I have accessed. 2. As an example, https://mm.icann.org/pipermail/ksk-rollover/2019-February/000646.html