[dns-operations] Summary: Anyone still using a Sun/Oracle SCA6000 with OpenSSL?

Shane Kerr shane at isc.org
Tue Oct 16 10:34:44 UTC 2012


Randy,

On Monday, 2012-10-15 05:55:16 -1000, Randy Bush <randy at psg.com> wrote:
> > A hardware HSM allows you to detect when your keys get stolen
> > (provided the hardware does not implement extraction of the keys, of
> > course).  In our case, this is the *only* reason we use a HSM at
> > all.
> 
> i keep wondering about the use of hsms in dnssec and rpki signing.  i
> suspect that the threat model is not well thought out.

The only attack that I could see an HSM protecting against is an
insider stealing the keys without being detected, like Alexander
mentioned. The idea is that a motivated attacker could in principle
make a copy of the keys - but not if they are stored in an HSM.

I can't see any other actual security added.

Also note that there are possible weaknesses with even an HSM, depending
on how backups are made. These can be worked around with procedure and
extra layers of security (cameras, access logs, ...).

Even trickier is to protect against an internal conspiracy, but I don't
think anyone is really seriously worried about that threat.

Cheers,

--
Shane
