Andy- I pretty much agree /w Kim. However, just for the record, as many of you know my personal opinion has been to either roll the KSK (as the community seems to desire) or replace the HSMs in a key ceremony with the 7 RKSHs present sooner than later. As 5 years was the recommended replacement interval for the HSMs (and what we therefore put in the DPS as a sensible rollover date), IMHO the conservative approach would be to replace the units before the 5 year mark as the units were purchased about a year prior to putting into service. As you know the HSMs are rarely "plugged-in" meaning that we are operating in the worst case scenario for the batteries which do not charge when plugged in (they are "primary" cells). So the tamper circuitry is continually drawing current. So, although the shelf-life of the battery is 10years according to the data sheet, the lifetime will be much less. That being said, Kim is right that conversations with the HSM vendor indicate that we are probably ok past 5 years. At minimum I have suggested that we review our HSM failure recovery procedures and be prepared. So I believe we are covered even in the worst case. I hope that helps. -Rick -----Original Message----- From: ksk-rollover-bounces@icann.org [mailto:ksk-rollover-bounces@icann.org] On Behalf Of Kim Davies Sent: Monday, September 22, 2014 7:02 PM To: Andy Linton Cc: ksk-rollover@icann.org Subject: Re: [ksk-change] [ksk-rollover] root zone KSK rollover operations workshop planning Hi Andy, On Sep 22, 2014, at 3:53 AM, Andy Linton <asjl@lpnz.org> wrote:
My understanding of the specs of the HSMs used in the current key
ceremonies is that they have a lifetime of around 5 years. Does this need to be factored into the planning for KSK rollover? The short answer is no. Irrespective of the work on KSK rollover, our intention is to either replace or augment the existing HSMs with new units next year. If there is a key rollover and it nicely aligns to this schedule, great, but I don't think the two activities are necessarily aligned. The HSMs report their battery status upon use and all are reporting good battery condition. We have spoken with the vendor and they have indicated they are expected to last more than 5 years. There seems to be no reason for immediate concern however we are taking a conservative approach to it. kim _______________________________________________ ksk-rollover mailing list ksk-rollover@icann.org https://mm.icann.org/mailman/listinfo/ksk-rollover