Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dnsop-rfc4641bis-01.txt

Stephane Bortzmeyer <bortzmeyer@nic.fr> Tue, 21 April 2009 15:31 UTC

Date: Tue, 21 Apr 2009 17:32:13 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Edward Lewis <Ed.Lewis@neustar.biz>
Cc: dnsop@ietf.org

On Tue, Apr 21, 2009 at 11:25:59AM -0400,
 Edward Lewis <Ed.Lewis@neustar.biz> wrote 
 a message of 60 lines which said:

> My concern is first the database over the key, it's what matters in
> the event of catastrophic organizational failure.
>
> From that, it's a matter of "fate sharing."  Whatever I do to protect my 
> most vital element (database) can be used to protect other things as 
> well, including the key. 

But the risk for the key is not only people modifying it, it is simply
people *reading* it (a concern which also exists for the database but
is much less important). 

I have no practical experience with HSMs but, in my mind, the
interesting thing is that they guarantee no one will read the key
without an authorization (that's quite unlike the database where you
certainly prefer a few unauthorized looks to a complete loss).