Hi!
It's been a while since I've implemented a PKI that has access to a HSM, and I'm wondering if the concept of having an offline Root CA still applies?
Since you can't sign any objects without having the sufficient amount of tokens for the HSM, I can't really see what an attacker can do with an online Root?
If the attacker somehow was able to gain unlimited access to the machine, and install a memory dumping application, thenmaybe he'll be able to dump the private keys once the HSM loads them into memory. Though as I understand it, the newer HSM's that have their own cryptographic providers, avoid this issue by protecting the memory itself during execution. Correct me if I'm wrong here...
Don't get me wrong, there is no question in that taking the Root completely offline is by far the most secure thing you can do after implementing an HSM, but what I'm interested in is if the administrative overhead that is created by an offline Root CA, still factors in lower than any real risk/threat that an online Root CA can experience when it's private keys are secured by an HSM?