Name: George Michaelson
Date: 23 Oct 2023
Original Public Comment: Draft Report of the Root Zone DNSSEC Algorithm Rollover Study
The details of how a downgrade in FIPS-120 profile affects operations should be drawn out. Since the use of the HSM is bound in ceremonies which place a high degree of transparency and compliance to process on their use, I tend to think it will be small, but it probably has to be explicitly noted.
The deployment of new HSM hardware and associated processes and ceremony changes should not be performed during the algorithm change, but made in advance. The new HSM should be a fully bedded-in process before the significant change takes place.
There is insufficient reference to active measurement before, during and after the change. There should be explicit intent to measure behaviours and to reflect on the measurements.
Summary of Submission
More detail of the consequences of FIPS-120 operating mode change should be made.
New HSM hardware and ceremony changes should be bedded in before the algorithm change.
More reference to measurement before, during and after algorithm change should be made.