Hello Mike, On Wed, Oct 1, 2014 at 4:39 PM, Michael StJohns <msj@nthpermutation.com> wrote:
On 10/1/2014 7:26 PM, David Conrad wrote:
Gaining access to an HSM, along with its ignition keys would be bad. Gaining access to the HSM by itself shouldn't be. The whole purpose of an HSM is to make generic access to the HSM non-bad. E.g. the key's locked inside and without the use credential you ain't going to get it to do anything. Attempts to extract a key will fail and ideally cause the HSM to zeroize.
I do agree that in general, gaining access to the HSM is not equivalent to gaining access to the key materials on the HSM if its without the credentials although, if the adversary's objective is to sabotage the operation, they can simply destroy the HSM (and key that resides on it) so I still believe that unauthorized access to the HSM is pretty bad (from a key management standpoint). Cheers, Tomofumi