[dns-operations] [Ext] Re: Destroying HSMs

Kim Davies kim.davies at iana.org
Thu Feb 1 17:23:52 UTC 2018

Quoting Tony Finch on Thursday February 01, 2018:
> Is this going to be like the way GCHQ required the Guardian to destroy
> some computers with Dremels and a degausser?

We are bringing in a vendor who specializes in the secure destruction
of such things. Bear in mind these HSMs were already formally zeroized
at a previous ceremony, which makes the physical destruction of the
cryptographic module essentially an exercise in security theatre.
However, it didn't seem quite right to simply take the HSMs out of
service as-is.


More information about the dns-operations mailing list