Web expert on his 'catastrophe' key for the internet
A British computer expert has been entrusted with part of a digital key, to help restart the internet in the event of a major catastrophe. Paul Kane talked to Eddie Mair on Radio 4's PM programme about what he might be called upon to do in the event of an international online emergency. http://www.bbc.co.uk/news/uk-10781240
Great! So I assume he is an elder of the Internet? http://www.youtube.com/watch?v=iRmxXp62O8g On 7/27/10 4:43 PM, "andrew.wallace" <andrew.wallace@rocketmail.com> wrote:
A British computer expert has been entrusted with part of a digital key, to help restart the internet in the event of a major catastrophe.
Paul Kane talked to Eddie Mair on Radio 4's PM programme about what he might be called upon to do in the event of an international online emergency. http://www.bbc.co.uk/news/uk-10781240
On Tue, 27 Jul 2010 16:43:21 PDT, "andrew.wallace" said:
A British computer expert has been entrusted with part of a digital key, to help restart the internet in the event of a major catastrophe.
You *do* realize this "news" is like two months old, right? http://www.icann.org/en/announcements/announcement-2-07jun10-en.htm The DNS root has been signed in production for over 2 weeks now. That plus the phrase "restarting the Internet" is more than a little bit misleading. One has to wonder if there was a *complete* failure of the Internet, and it needed "restarting", whether enough people holding shares would be able to get to the same place to have another root-signing ceremony. Consider the impact on plane reservations, etc. Those of us who lived through the Morris worm fragmenting the Arpa/Milnet in 1988 and things like major worm-induced outages remember what a hassle it was to *really* restart the net. Calling up your upstream on the phone asking if it was safe to turn up the link again, or looking for help in cleaning your net before you reconnected, etc...)
Those of us who lived through the Morris worm fragmenting the Arpa/Milnet in 1988 and things like major worm-induced outages remember what a hassle it was to *really* restart the net. Calling up your upstream on the phone asking if it was safe to turn up the link again, or looking for help in cleaning your net before you reconnected, etc...)
Weren't the FCC and at&t recently suggesting that VoIP was the future of telephony? I can just imagine how it'll be trying to call your upstream to have them reconnect you... "Your call could not be completed at this time. Your circuit is not connected. Please hang up, connect to the Internet, and then try your call again." Ha. Now, seriously, at what point do we lose visibility of the bigger picture? Twenty years ago, the PSTN wasn't horribly hard to grasp and was sufficiently distinct that one could understand the set of circumstances that would render both phone and data unusable. As wonderful as the new communications paradigms are, do we also have a situation now developing where it might eventually become very difficult or even impossible to ensure out-of-band lines of communications remain available? ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On Tue, Jul 27, 2010 at 5:38 PM, Joe Greco <jgreco@ns.sol.net> wrote:
As wonderful as the new communications paradigms are, do we also have a situation now developing where it might eventually become very difficult or even impossible to ensure out-of-band lines of communications remain available?
That's already a problem for getting alert pages. Any actual *pager* companies left? They all seem to have gone to SMS systems. -- http://neon-buddha.net
On Tue, Jul 27, 2010 at 5:38 PM, Joe Greco <jgreco@ns.sol.net> wrote:
As wonderful as the new communications paradigms are, do we also have a situation now developing where it might eventually become very difficult or even impossible to ensure out-of-band lines of communications remain available?
That's already a problem for getting alert pages. Any actual *pager* companies left? They all seem to have gone to SMS systems.
Well, USA Mobility was supporting ReFLEX pagers for us up until I got tired of playing the tech support "try this alternate TAP dialup number" game that seemed to be needed every year or so, because suddenly messages wouldn't be delivered or would be queued for many hours (and these are two-way pagers we're talking about, the network knows where they are). That was probably less than a year ago when I got fed up and told them we weren't renewing. Relatively speaking, at&t's Enterprise Paging (which appears to just be enterprise SMS with a TAP/SNPP gateway) has been a lot more reliable. I have no idea how reliable it'd be in a major telecom crisis, of course. Aren't there still some satellite pager providers out there? :-) ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On Tue, 27 Jul 2010 21:21:56 -0400, Jim Richardson <weaselkeeper@gmail.com> wrote:
That's already a problem for getting alert pages. Any actual *pager* companies left? They all seem to have gone to SMS systems.
SkyTel is the only one I remember. Sadly, their coverage is about that of Cricket or Clearwire. (at least in NC) On Tue, 27 Jul 2010 21:37:57 -0400, Joe Greco <jgreco@ns.sol.net> wrote:
Relatively speaking, at&t's Enterprise Paging (which appears to just be enterprise SMS with a TAP/SNPP gateway) has been a lot more reliable. I have no idea how reliable it'd be in a major telecom crisis, of course.
I'd expect it to work as well as the cellular network, since it's riding on it. (read: it stops working when your cellphone does.) SkyTel *used* to have satelite pagers. I don't think anyone runs such a network anymore... the pagers were bulky and the network is quite expensive to run. (just look at Iridium.) --Ricky
On Tue, 27 Jul 2010 21:37:57 -0400, Joe Greco <jgreco@ns.sol.net> wrote:
Relatively speaking, at&t's Enterprise Paging (which appears to just be enterprise SMS with a TAP/SNPP gateway) has been a lot more reliable. I have no idea how reliable it'd be in a major telecom crisis, of course.
I'd expect it to work as well as the cellular network, since it's riding on it. (read: it stops working when your cellphone does.)
Right, I think I pointed out it was basically SMS, despite being billed as "enterprise paging," which brings us back to the previous question.... Or are you saying that there are SMS networks out there that aren't part of the cellular network? :-)
SkyTel *used* to have satelite pagers. I don't think anyone runs such a network anymore... the pagers were bulky and the network is quite expensive to run. (just look at Iridium.)
Yes, fun. The downside of the evolution of capable cellular devices. It's still an interesting issue, though. As data and telecom become impossible to tell apart, how do you go about arranging for notification services that work when some particular layer/portion of the Internet's broken? What parts of any virtual circuit from your monitoring server to your belt device are impacted by an Internet failure? By a worm that manages to take out gear that handles both Internet traffic and private network VoIP? Etc. What happens in twenty years when at&t-the-legacy- telco has been spun off, gone all VoIP, and has gotten out of the long haul biz and rents IP capacity from some other major backbone? The potential for interdependence in the future could be a very complicated issue. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On 28 July 2010 04:52, Joe Greco <jgreco@ns.sol.net> wrote:
Right, I think I pointed out it was basically SMS, despite being billed as "enterprise paging," which brings us back to the previous question....
Or are you saying that there are SMS networks out there that aren't part of the cellular network? :-)
I'm not sure of the situation over in NA, but in Europe, yes. M
On Tue, 27 Jul 2010, Joe Greco wrote:
Weren't the FCC and at&t recently suggesting that VoIP was the future of telephony?
BT are currently upgrading the UK's phone system to VOIP. But it's running on a private network. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ SOUTH FITZROY: NORTHEASTERLY 5 TO 7. MODERATE OR ROUGH. FAIR. GOOD.
On 28/07/2010 15:17, Tony Finch wrote:
On Tue, 27 Jul 2010, Joe Greco wrote:
Weren't the FCC and at&t recently suggesting that VoIP was the future of telephony?
BT are currently upgrading the UK's phone system to VOIP. But it's running on a private network.
Aren't BT still failing to trust the new softswitches and still planning to stick with System X until the sun goes cold? adam.
On 07/28/2010 02:21 AM, Valdis.Kletnieks@vt.edu wrote:
That plus the phrase "restarting the Internet" is more than a little bit misleading.
If you think that is misleading, you would want to see this article: http://www.metro.co.uk/news/836210-brit-given-a-key-to-unlock-the-internet By some reports some have "counted 11 factual errors" in just this small article. I think a journalist created the article based on a similair interview like the BBC.
Leen Besselink wrote:
On 07/28/2010 02:21 AM, Valdis.Kletnieks@vt.edu wrote:
That plus the phrase "restarting the Internet" is more than a little bit misleading.
If you think that is misleading, you would want to see this article:
http://www.metro.co.uk/news/836210-brit-given-a-key-to-unlock-the-internet
Yes, we've been howling with derision about that on this side of the pond for the last couple of days. Putting the source into perspective though, The Metro isn't known for quality journalism - its a free paper liberally scattered around London (usually found as entertaining reading material when you're stuck on the tube going somewhere late at night). Paul.
On Wed, 28 Jul 2010, Leen Besselink wrote:
If you think that is misleading, you would want to see this article:
http://www.metro.co.uk/news/836210-brit-given-a-key-to-unlock-the-internet
See also the press releases from Bath University: http://www.bath.ac.uk/news/2010/07/26/internet-security/ and CommunityDNS themselves: http://cdns.net/ROOT-DNSSEC.html The problem seems to be that Bath's press office decided to sex up the story and Metro confused DNSSEC with the Internet kill switch proposal. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ SHANNON: NORTHWEST, BACKING SOUTH OR SOUTHWEST, 3 OR 4. ROUGH BECOMING MODERATE. RAIN OR DRIZZLE WITH FOG PATCHES. MODERATE OR GOOD, OCCASIONALLY VERY POOR.
andrew.wallace@rocketmail.com (andrew.wallace) wrote:
A British computer expert has been entrusted with part of a digital key, to help restart the internet in the event of a major catastrophe.
Paul Kane talked to Eddie Mair on Radio 4's PM programme about what he might be called upon to do in the event of an international online emergency. http://www.bbc.co.uk/news/uk-10781240
One, I do not see the operational relevance of this "news". Second, people cult is just not the hype anymore. Third, my opinion towards Mr. Kane will stay with myself.
On Wed, 2010-07-28 at 10:33 +0200, Elmar K. Bins wrote:
One, I do not see the operational relevance of this "news".
The real problem is that articles like this DO get considerable attention in the UK - a place where "the internet" has yet to gain true understanding and recognition as a national business and government asset in the eyes of the general consumer populace and their politicians. Stories written like this still have a "wow" factor, both with the unconnected and the great unwashed customers in general.
Second, people cult is just not the hype anymore
Rest assured, none of the intended viewers know or care who the dungeon-master is :) All they care about is their "MSN" working. They have to depict someone doing something, and ascii-armored printout is far too confusing for the folks to comprehend. Gord -- You have been eaten by a grue
On Wed, Jul 28, 2010 at 9:33 AM, Elmar K. Bins <elmi@4ever.de> wrote:
andrew.wallace@rocketmail.com (andrew.wallace) wrote:
A British computer expert has been entrusted with part of a digital key, to help restart the internet in the event of a major catastrophe.
Paul Kane talked to Eddie Mair on Radio 4's PM programme about what he might be called upon to do in the event of an international online emergency.
One, I do not see the operational relevance of this "news". Second, people cult is just not the hype anymore. Third, my opinion towards Mr. Kane will stay with myself.
I think there is a social vulnerability in a group of people who need to travel, a lot of the time, by plane, to exactly the same location to make new keys to reset DNSSEC. What I think is, this is leaving them wide open to attack. If an attack was state-sponsored, its likely they would be able to stop those selected people reaching the location in the United States by way of operational officers intercepting them by kidnap or murder, and indeed, a cyber attack without the need for human intervention to stop the select people getting to their destination could be done by knocking out the air traffic system. Which would, hamper the resetting and creation of new keys for DNSSEC. Even without the select people being prevented from reaching their location in the United States, the disclosure tells the bad guys, approximately how long an attack window they've got between the selected people leaving their work or home and travelling by plane to the location. It would have been better if the people who are the selected key holders was kept classified, a lot of the information given out wasn't in the public interest, or in the national interest for the arrangements to be made public. I'm guessing also, Mr.Kane would be travelling to the United States in a military plane and not a commercial airliner, but who knows? Of course this is just my opinion. Andrew Wallace
On Wed, 28 Jul 2010 09:24:57 PDT, "andrew.wallace" said:
What I think is, this is leaving them wide open to attack. If an attack was state-sponsored, its likely they would be able to stop those selected people reaching the location in the United States by way of operational officers intercepting them by kidnap or murder, and indeed, a cyber attack without the need for human intervention to stop the select people getting to their destination could be done by knocking out the air traffic system. Which would, hamper the resetting and creation of new keys for DNSSEC.
Movie-plot threat. Hint 1 - if you want to cause actual mischief, I'd start the merriment over at gtld-servers.net rather than the actual root, or maybe even one more level down at the actual TLD servers. '.' is small enough that it can easily be hand-verified if need be, but there's like 140M things under .com handled by dozens of registries and registrars - even with DNSSEC, plenty of room for fun and games. (What protection does DNSSEC grant you against a squatter who snarfs up a domain name that's accidentally expired due to a billing issue?) Hint 2 - What do the 5th and 6th fields on the '.' SOA entry mean, especially in this context? In particular, what operational aspect does the specified 5th value give us if we're contemplating this movie-plot scenario?
Even without the select people being prevented from reaching their location in the United States, the disclosure tells the bad guys, approximately how long an attack window they've got between the selected people leaving their work or home and travelling by plane to the location.
Bzzt! Wrong, but thank you for playing. The bad guys *actual* window is between when the current root keys are lost/ compromised, and when the selected people *leave* to go to the selected location. Once you learn that the root key is compromised, you can take other steps to mitigate damage (see hint 2 above). When Paul Kane gets that phone call that says he needs to take a plane trip, the window is *closing*, not opening.
It would have been better if the people who are the selected key holders was kept classified, a lot of the information given out wasn't in the public interest, or in the national interest for the arrangements to be made public.
Obviously you have approximately zero understanding of the crypto community. They tend to be the most paranoid people out there - and the *only* way to get acceptance of a signed root was to make sure that ICANN is *not* in posession of enough keying material to sign a key by itself. In addition, the owners of keys need to be publicly known, to avoid allegations of "ICANN and a bunch of unnamed people not associated with them. Honest - trust us". In the crypto world, "trust us" is a fast path to Bruce Schneier's Doghouse.
Of course this is just my opinion.
There's opinions, and opinions backed by operational experience.
Obviously you have approximately zero understanding of the crypto community. They tend to be the most paranoid people out there - and the *only* way to get acceptance of a signed root was to make sure that ICANN is *not* in posession of enough keying material to sign a key by itself. In addition, the owners of keys need to be publicly known, to avoid allegations of "ICANN and a bunch of unnamed people not associated with them. Honest - trust us".
Also, these famous guys selected as part of the TCR group where the number is not actually seven, don't even have enough material to sign anything by themselves. The RKSH or Recovery Key Share Holder just holds in a tamper evident bag, a smart card with part of the key used to encrypt the backup copies of the HSM (Hardware Security Module). I'd love to see how they can "restart the world wide web" with that ... Cheers Jorge
On Wed, 28 Jul 2010 14:20:51 CDT, Jorge Amodio said:
Also, these famous guys selected as part of the TCR group where the number is not actually seven, don't even have enough material to sign anything by themselves.
Of course not. The only real requirement is that the TCR group hold enough shares so ICANN can't sign anything without them. For instance, make 12 shares, give 6 to ICANN and 1 to each of six TCR people, and then require 11 shares in order to sign something. The only way anything happens is for ICANN and at least 5 TCR to cooperate - which is about the only way to make it palatable for all concerned.
Also, these famous guys selected as part of the TCR group where the number is not actually seven, don't even have enough material to sign anything by themselves.
Of course not. The only real requirement is that the TCR group hold enough shares so ICANN can't sign anything without them. For instance, make 12 shares, give 6 to ICANN and 1 to each of six TCR people, and then require 11 shares in order to sign something. The only way anything happens is for ICANN and at least 5 TCR to cooperate - which is about the only way to make it palatable for all concerned.
Have you noticed that the Provisional TCR Proposal doc from ICANN has the page numbers encrypted ? (http://www.root-dnssec.org/wp-content/uploads/2010/04/ICANN-TCR-Proposal-201...) Looks it is the strange "I don't know how to number pages on pdf files" algorithm :-) Cheers Jorge
On 7/28/2010 1:16 PM, Jorge Amodio wrote:
Also, these famous guys selected as part of the TCR group where the number is not actually seven, don't even have enough material to sign anything by themselves. Of course not. The only real requirement is that the TCR group hold enough shares so ICANN can't sign anything without them. For instance, make 12 shares, give 6 to ICANN and 1 to each of six TCR people, and then require 11 shares in order to sign something. The only way anything happens is for ICANN and at least 5 TCR to cooperate - which is about the only way to make it palatable for all concerned. Have you noticed that the Provisional TCR Proposal doc from ICANN has the page numbers encrypted ?
(http://www.root-dnssec.org/wp-content/uploads/2010/04/ICANN-TCR-Proposal-201...)
Looks it is the strange "I don't know how to number pages on pdf files" algorithm :-)
Cheers Jorge
Add the numbers to the pages when the pdf IS printed. Its in the printing configuration. Todd
The story keeps growing out of proportion and in the wrong direction ... This one claims that "six" guys hold the keys to bring back porn : http://indyposted.com/34983/six-guys-have-the-keys-to-the-internet/comment-p... And ABC is talking about the "brotherhood" : http://abcnews.go.com/Technology/brotherhood-internet-keys-chosen/story?id=11271450&page=2 On the next ICANN meeting we should shave their heads and give them a monk outfit. Is ICANN doing such a poor PR job that mainstream media are getting this non-event not quite right ? Sigh
On 2010-07-28, at 18:24, andrew.wallace wrote:
I think there is a social vulnerability in a group of people who need to travel, a lot of the time, by plane, to exactly the same location to make new keys to reset DNSSEC.
Let's try to forget this "reset DNSSEC" meme. This is a technical list. Let's concentrate on what we can describe accurately.
What I think is, this is leaving them wide open to attack. If an attack was state-sponsored, its likely they would be able to stop those selected people reaching the location in the United States by way of operational officers intercepting them by kidnap or murder, and indeed, a cyber attack without the need for human intervention to stop the select people getting to their destination could be done by knocking out the air traffic system. Which would, hamper the resetting and creation of new keys for DNSSEC.
The crypto officers who have generously volunteered to travel to the key management facility where they were enrolled from time to time will carry with them safety deposit box keys. As part of the process, they will unlock the safety deposit boxes contained within one of the safes in the key management facility tier 5, and extract a tamper-evident bag containing smart cards. The smart cards, under supervision of the crypto officer, are used to carry out the HSM operations that are planned for execution during that ceremony. In the event that insufficient crypto officers are able to attend (for whatever reason) ICANN retains the ability to drill the safety deposit boxes and extract the smart cards in order to preserve the security and stability of the DNS. ICANN would never do this unless the security and stability of the DNS was under threat, and would exercise this last-resort option with a great deal of public visibility. That full disclosure would unavoidably include details of people who were not able to attend. By publicising the list of crypto officers ICANN aims to increase transparency in the normal process (no drills required). We have no reason to think that our last-resort options will ever be exercised, but we have planned for them nonetheless because this is an important system and all bases need to be covered. All these details (and more) can be found in the DNSSEC Policy Statement (DPS) published at <http://www.iana.org/dnssec/>. I encourage anybody with the time and interest to dissect that document and challenge it wherever possible. Our aim is for maximum transparency and the greatest reason for the public to trust that the KSK is secure and worth trusting. One observation from a non-crypto operations guy that was drawn into this project and has learnt a lot from having to implement the infrastructure designed by real crypto people: security is not always obvious. What seems like a flaw is often not, and what seems safe is often risky. There is a great deal to learn about security engineering, and what seems obvious is frequently not. Joe
By publicising the list of crypto officers ICANN aims to increase transparency in the normal process (no drills required). We have no reason to think that our last-resort options will ever be exercised, but we have planned for them nonetheless because this is an important system and all bases need to be covered.
I thought that was the original idea, to have a system that is based on community trust. I believe that the DNSSEC deployment team did a very good job, perhaps the extra PR and hype from ICANN generated some confusion but I don't think that it was the actual source of such a rainfall of misinformation. I suggest that it should be seriously considered to revoke the role of RKSH from the person that used that role to obtain publicity and self promotion, and request the immediate return of all cryptographic material. This is not something to get the guy on a limo an parade him on the streets of his local town or have now every one included on the public list interviewed by news outfits. So much buzz around his role and comments about being part of the "circle of trust" or "brotherhood" or anything similar discredits the entire process. My .02 Jorge
On Thu, 29 Jul 2010 20:19:45 CDT, Jorge Amodio said:
I suggest that it should be seriously considered to revoke the role of RKSH from the person that used that role to obtain publicity and self promotion, and request the immediate return of all cryptographic material. This is not something to get the guy on a limo an parade him on the streets of his local town or have now every one included on the public list interviewed by news outfits.
Well, there's a bit of a problem - you have to make the list of key holders known, so that all and sundry can verify for themselves that ICANN (or any other single organization, for that matter) doesn't have all the marbles. A second point is that if you have 7 keyholders who are not well known, they're actually *easier* targets than if they're well known public figures. Think about that for a bit - who's easier to coerce without being detected, the guy who lives in the apartment downstairs from me, or somebody who's out in the open and identified as important? A pretty good article that puts a lot of the rest of it back into perspective: http://www.digitalsociety.org/2010/07/fantasy-role-playing-has-no-place-in-d...
A pretty good article that puts a lot of the rest of it back into perspective:
http://www.digitalsociety.org/2010/07/fantasy-role-playing-has-no-place-in-d...
Good article indeed. It is highly unlikely that we will ever need the service of the RKSH, I agree that a well know public figure from the community could constitute a more difficult target, but as anything in information security, everything is relative. What I find unacceptable is to take advantage of the community trust by using the RKSH role for personal self promotion and publicity. Regards Jorge
On 07/29/10 20:09, Valdis.Kletnieks@vt.edu wrote:
On Thu, 29 Jul 2010 20:19:45 CDT, Jorge Amodio said:
I suggest that it should be seriously considered to revoke the role of RKSH from the person that used that role to obtain publicity and self promotion, and request the immediate return of all cryptographic material. This is not something to get the guy on a limo an parade him on the streets of his local town or have now every one included on the public list interviewed by news outfits.
Well, there's a bit of a problem - you have to make the list of key holders known, so that all and sundry can verify for themselves that ICANN (or any other single organization, for that matter) doesn't have all the marbles.
A second point is that if you have 7 keyholders who are not well known, they're actually *easier* targets than if they're well known public figures. Think about that for a bit - who's easier to coerce without being detected, the guy who lives in the apartment downstairs from me, or somebody who's out in the open and identified as important?
A pretty good article that puts a lot of the rest of it back into perspective:
http://www.digitalsociety.org/2010/07/fantasy-role-playing-has-no-place-in-d...
That article has numerous errors in it as well, and in some ways is even worse because the guy is claiming to be a security expert who actually understands how it all works. Doug -- Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/ Computers are useless. They can only give you answers. -- Pablo Picasso
Hmmm, from the interview of the British guy, the smart card seems to be in UK (he did a lapsus on it), which differs from what you describe. if all the smart cards are in the US in an individual safe deposit box in the same location, this raise the concern that there is only one place the smartcard can be stolen or destroyed. Also, is it part of the process that each smart card holder must routinely check that "his" smartcard is still there? I would have also thought, that there would be redundancy into these smartcards, like you need 3 out of 5 to rebuild the key, or something like this. I should read the spec.... Usually IETF people are well versed on security, so I believe the process to be quite sound. ----- Original Message ----- From: "Joe Abley" <jabley@hopcount.ca> To: "andrew.wallace" <andrew.wallace@rocketmail.com> Cc: nanog@nanog.org Sent: Friday, 30 July, 2010 10:48:40 AM Subject: Re: Web expert on his 'catastrophe' key for the internet On 2010-07-28, at 18:24, andrew.wallace wrote:
I think there is a social vulnerability in a group of people who need to travel, a lot of the time, by plane, to exactly the same location to make new keys to reset DNSSEC.
Let's try to forget this "reset DNSSEC" meme. This is a technical list. Let's concentrate on what we can describe accurately.
What I think is, this is leaving them wide open to attack. If an attack was state-sponsored, its likely they would be able to stop those selected people reaching the location in the United States by way of operational officers intercepting them by kidnap or murder, and indeed, a cyber attack without the need for human intervention to stop the select people getting to their destination could be done by knocking out the air traffic system. Which would, hamper the resetting and creation of new keys for DNSSEC.
The crypto officers who have generously volunteered to travel to the key management facility where they were enrolled from time to time will carry with them safety deposit box keys. As part of the process, they will unlock the safety deposit boxes contained within one of the safes in the key management facility tier 5, and extract a tamper-evident bag containing smart cards. The smart cards, under supervision of the crypto officer, are used to carry out the HSM operations that are planned for execution during that ceremony. In the event that insufficient crypto officers are able to attend (for whatever reason) ICANN retains the ability to drill the safety deposit boxes and extract the smart cards in order to preserve the security and stability of the DNS. ICANN would never do this unless the security and stability of the DNS was under threat, and would exercise this last-resort option with a great deal of public visibility. That full disclosure would unavoidably include details of people who were not able to attend. By publicising the list of crypto officers ICANN aims to increase transparency in the normal process (no drills required). We have no reason to think that our last-resort options will ever be exercised, but we have planned for them nonetheless because this is an important system and all bases need to be covered. All these details (and more) can be found in the DNSSEC Policy Statement (DPS) published at <http://www.iana.org/dnssec/>. I encourage anybody with the time and interest to dissect that document and challenge it wherever possible. Our aim is for maximum transparency and the greatest reason for the public to trust that the KSK is secure and worth trusting. One observation from a non-crypto operations guy that was drawn into this project and has learnt a lot from having to implement the infrastructure designed by real crypto people: security is not always obvious. What seems like a flaw is often not, and what seems safe is often risky. There is a great deal to learn about security engineering, and what seems obvious is frequently not. Joe
On 07/29/10 20:23, Franck Martin wrote:
I should read the spec....
Yes, preferably before commenting on it publicly ... Doug (... oops) -- Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/ Computers are useless. They can only give you answers. -- Pablo Picasso
----- Original Message -----
From: "Doug Barton" <dougb@dougbarton.us> To: "Franck Martin" <franck@genius.com> Cc: "Joe Abley" <jabley@hopcount.ca>, nanog@nanog.org Sent: Friday, 30 July, 2010 3:49:04 PM Subject: Re: Web expert on his 'catastrophe' key for the internet On 07/29/10 20:23, Franck Martin wrote:
I should read the spec....
Yes, preferably before commenting on it publicly ...
Do I look like someone that reads manuals? ;)
On Thu, Jul 29, 2010 at 10:23 PM, Franck Martin <franck@genius.com> wrote:
Hmmm, from the interview of the British guy, the smart card seems to be in UK (he did a lapsus on it), which differs from what you describe.
You gotta read up on the whole ceremony and their statement of practices: https://www.iana.org/dnssec/icann-dps.txt ... Crypto Officers are different from Recovery Key Share Holders. Crypto officers hold a key to a safe deposit box in the safe room Safe 2, containing the operator cards. "Tier 5" Each vault contains a Tamper-evident bag (TEB) with a smart card required to authenticate with the HSM to perform crypto operations. Those cards don't leave the facility. The operatorscards are only authentication tokens, the key is stored on the hardware security modules. Hardware security modules, and the laptop+DVD+USB Flash stick required to operate them are stored in tamper evident bags in Safe 1. There are 7 crypto officers per site, but only 3 are required to authenticate to the HSM to enable it to perform operations. The recovery key share holders have a key to a bank safety deposit box under _their own_ control, containing a smartcard in tamper-evident bag, holding part of the HSM's internal encryption key. Each RKSH has to provide and maintain records of where they are storing their smartcard. 7 RKSH per site, but only 5 are required for recovery operations. -- -J
On Jul 30, 2010, at 12:55 AM, James Hess wrote:
On Thu, Jul 29, 2010 at 10:23 PM, Franck Martin <franck@genius.com> wrote:
Hmmm, from the interview of the British guy, the smart card seems to be in UK (he did a lapsus on it), which differs from what you describe.
You gotta read up on the whole ceremony and their statement of practices: https://www.iana.org/dnssec/icann-dps.txt ...
Hmm. Looks like an RFC, but isn't. Do you know if there are any plans to actually publish this ? Regards Marshall
Crypto Officers are different from Recovery Key Share Holders. Crypto officers hold a key to a safe deposit box in the safe room Safe 2, containing the operator cards. "Tier 5"
Each vault contains a Tamper-evident bag (TEB) with a smart card required to authenticate with the HSM to perform crypto operations. Those cards don't leave the facility. The operatorscards are only authentication tokens, the key is stored on the hardware security modules.
Hardware security modules, and the laptop+DVD+USB Flash stick required to operate them are stored in tamper evident bags in Safe 1.
There are 7 crypto officers per site, but only 3 are required to authenticate to the HSM to enable it to perform operations.
The recovery key share holders have a key to a bank safety deposit box under _their own_ control, containing a smartcard in tamper-evident bag, holding part of the HSM's internal encryption key.
Each RKSH has to provide and maintain records of where they are storing their smartcard. 7 RKSH per site, but only 5 are required for recovery operations.
-- -J
On 2010-07-30, at 07:59, Marshall Eubanks wrote:
Hmm. Looks like an RFC, but isn't. Do you know if there are any plans to actually publish this ?
The authoritative and current ICANN DPS is published here: https://www.iana.org/dnssec/ My understanding is that the current copyright and the source of some of the derivative text in that document means it cannot be published as-is as an RFC, assuming that's what you meant. My understanding may be weak however, and anybody who happens to be expert in copyright as it applies to the RFC series should feel very free to drop me a private note, if they feel an urge to educate me. For completeness, the corresponding DPS from VeriSign can be found here: https://www.verisign.com/repository/dnssec-practice-statement-root-zone-zsk-... Together the two documents describe the whole system. Joe
On Fri, 30 Jul 2010, Joe Abley wrote:
One observation from a non-crypto operations guy that was drawn into this project and has learnt a lot from having to implement the infrastructure designed by real crypto people: security is not always obvious. What seems like a flaw is often not, and what seems safe is often risky. There is a great deal to learn about security engineering, and what seems obvious is frequently not.
Trust is also based on perception, whether justified or not. The participants in the community wanted this kind of key ceremony and many ceremonial key holders for a variety of reasons. If the community changes its mind in the future, and wants a different kind of key ceremony and ceremonial key holders, then submit comments and propose changes. Whether Recovery Key Share Holders serve any useful role after the HSMs are initialized is one of those questions that lots of beer may help.
participants (21)
-
Adam Armstrong
-
andrew.wallace
-
Doug Barton
-
Elmar K. Bins
-
Franck Martin
-
gordon b slater
-
James Hess
-
Jim Richardson
-
Joe Abley
-
Joe Greco
-
Jorge Amodio
-
Leen Besselink
-
Marshall Eubanks
-
Matthew Walster
-
Paul Thornton
-
Ricky Beam
-
Sean Donelan
-
todd glassey
-
Tony Finch
-
Valdis.Kletnieks@vt.edu
-
Zaid Ali