Re: How long before things would stop working properly?
"I'm surprised there isn't at least a third safe!"
There is. A HSM sits in a secure warehouse somewhere, containing an encrypted copy of the KSK with "Recovery Key Share Holders" around the world possessing smartcards (shards) to decrypt it.
If both key management facilities fall into the ocean, 5-of-7 RKSH smartcards and an encrypted KSK smartcard can reconstitute KSK in a new HSM.
Biting the hand that feeds IT
