By Mikkel Hald, 14/01/21
All data traffic from WAYF is signed using a private key residing in a hardware security module ('HSM'), and so the key cannot be hacked.
WAYF's current HSMs are, however, end-of-life, and in the process of being replaced by two new ones.
WAYF's new HSMs are two Thales Luna S790s, each with a capacity for creating about 10,000 digital signatures a second (using 2K keys). The current HMSs can only produce around 1,200 signatures per second.
Installation of the new HMSs and migration of private keys from the current ones are in progress, and expected to be completed within January, without any interruption of the WAYF service.