Government Begins Securing Root Zone File 198
Death Metal notes a Wired piece on the US government beginning the process of securing the root zone file. This is in service of implementing DNSSEC, without which the DNS security hole found by Dan Kaminsky can't be definitively closed. On Thursday morning, a comment period will open on the various proposals on who should hold the keys and sign the root — ICANN, Verisign, or the US government's NTIA.
Re:Who to control... (Score:5, Interesting)
Addendum:
UN
Pros:
Cons:
I'd be interested in hearing reasons why people believe this is a good thing as well though.
Re:Those who do not understand DNS (Score:5, Interesting)
"Are doomed to reimplement it, poorly. Does anyone have any confidence that the US Government WONT mess this up completely? Give the key to Google or AOL or IBM or something. "
Those who don't understand DNS would recommend giving it to IBM.
Hi. I run the root server that was the first runner up in the contest to administer it, ahead of two other groups. We were actually asked by the gov to advise icann which we did until we realized all they were doing is using us to get away with what they wanted to do, instead of listening to advice on horrific problems. Hint: the mandate specifies icann is a membership organization and 10 years later you still can join and have a vote. Ahem.
During this time and for 5 years before that I run the a root to one of the alternative root zones.
If you think dnssec will fix the problem or that it's the right answer or that it will actually secure it then you and Dan Kaminsky haven't thought about it enough.
But if you wanna go ahead with the broken dnssec model the keys should be held by Paul Vixie. This is all his mess anyway and he already holds the keys to usenet.
It doesn't have to be just one player (Score:5, Interesting)
How about using a threshold signing scheme?
Here's the ten kilofoot view: each participant p_{1..n} gets a piece of the key. If least t of them (for some 2 <= t <= n) cooperate, they can produce a signature on the input message.
It is widely held that separation of power into legislative, executive and judiciary is a good thing. Here, the roles would be symmetric, but you still get the benefit of no one body of people (or single person) being in control.
Here's an interesting thought: include some of the root server operators in the decision. I haven't done the formal proof, but my understanding is that it'd be simple to create weighted threshold schemes, such that if ten of the $n roots all agree, that counts as one "vote" in the usgov-icann-verisign calculation [just apply some general secure Multiparty Computation protocol to the computation of RSA-signing with Shamir secret shares of the private key]. And, as your child poster says, you may want to include the UN. Not being a citizen of 192 sovereign nations, I don't like the idea of any one nation having a disproportionately large influence over critical infrastructure, should we come to rely on a signed root zone [note: we don't now, because it isn't; that may be useful to put this issue into its proper perspective, or not...].
But no matter who the eligible parties are, I don't think any one of them should be in exclusive control. Use a threshold signing scheme to distribute the power.
Re:None of the above (Score:3, Interesting)
Leading surveillance societies in the EU and the World 2007 [privacyinternational.org]
Clearly in the lead: China, Russia, US
CC.
Re:Who to control... (Score:1, Interesting)
Both of these are flamebait? When did it become to taboo to have a little patriotism?
Sure, Dubya's an idiot, but these national investments occurred when Americans weren't nearly as hated. Dubya wasn't president at the time, so why not be a little proud of what your tax dollars paid for?
I'm not expecting everybody worldwide to kiss our ass or give us money, but come on, give a little credit where credit is due. Without the bottomless pit of US defense spending, there'd be no GPS nor internet. Period.
Re:I believe DNSSEC is unnecessory... (Score:3, Interesting)
I believe you missed what I said, or at least what I intended to say.
DNSSEC enables using DNS as the method of protection from MITM for other applications.
With DNSSEC you can distribute your SSH fingerprint in a signed DNS record. That would enable your application (SSH) to have a secure connection that can even withstand a MITM attack as long as you can verify the DNS signing keys, irregardless of whether or not you've ever connected to that server before.
The same sort of system can be used for email signing keys, IPSEC keys or anything else you want to distribute in an authenticated fashion.
I agree that DNSSEC to enable secure DNS alone is overkill. If we were only fixing what we have, I'd do it your way. What I believe what you are missing is the potential a secure, distributed, scalable database founded on a robust PKI could have on how we interact with each other.
DNSSEC is more then just a way to keep people from redirecting you from www.google.com to evilsite.com, it's a technology that can be used to enable authentication and trust on an Internet wide scale. It is a game changer, and gives us something we never have had before.
I agree that your plan would mostly shore up DNS, but we would miss the opportunity we have to create something so much larger then simply the internet phone book. DNSSEC has the potential to bring sweeping change to our industry, and much greater security to all of our lives.
Re:I believe DNSSEC is unnecessory... (Score:3, Interesting)
HTTP sucks too, but we use it because we all use it. Whatever we want to build gets a http implementation simply because everyone else uses it and understands it, and interoperability is king. In fact, a web service like http/SSL implementation is the only other real contender for a large scale PKI that has a snowball's chance in hell of being adopted. If DNSSEC fizzles out, I'll try that way.
DNSSEC is the best shot we have at world scale PKI because it's an incremental add-on to something we already have, and solves a real problem that exists in DNS at the same time. It is the most robust way to shore up DNS for the long term against all non-DOS attacks. (DNSSEC makes DOS easier, and fails horribly on that count. Elliptic Curve Crypto will help somewhat by shrinking key size vs RSA based keys)
Yes, it will be "just another CA infrastructure", but is the one shot we have in the near future at getting such a thing deployed globally.
Yes, DNS is not the ideal CA infrastructure, but it's the best one that has a chance at life. We want to secure DNS, and on the side we get global PKI almost for free. We're not going to get this kind of chance again for a long time.