The U.S. government is pressing ahead with plans to implement a new security regime for the basic architecture of the World Wide Web, despite unease in some corners of the international Internet management community.
“This is the U.S. government stepping forward and showing leadership,” says Douglas Maughan, an official with Homeland Security.
The DNS Security Extensions Protocol, or DNSSec, is designed to end spoofing by allowing the instantaneous authentication of DNS information — effectively creating a series of digital keys for the system.
One lingering question — largely academic until now — has been who should hold the key for the so-called DNS Root Zone, the part of the system that sits above the so-called Top Level Domains, like .com and .org.
Several experts have suggested that possessing the Root Zone Key would make the U.S. government the only entity that could “spoof” DNS addresses.
Maughan says, “The Root Key Operator is going to be in a highly trusted position. It’s going to be a highly trusted entity. The idea that anyone in that position would abuse it to spoof addresses is just silly.”
Should we presume the same level of trust and leadership we received – over WMDs before the invasion of Iraq?
BTW – we covered an earlier discussion at ICANN – before Homeland Insincerity’s response.
I keep seeing more and more of these types of stories. EFF is going to be very busy. On the local front for me, Sen Schumer (who attacked Bush over the illegal wiretapping) is introducing a bill to require ISPs to monitor their networks for child porn and submit it to the police…or face a $50k fine. Great, I’m sure Time Warner, Comcast, etc will make excellent deputies.
I wonder what will happen on this day. In History, before they change the water. Sounds a bit like this:
On September 11, 1990, George Herbert Walker Bush announced the “New World Order” before a joint session of Congress.
ICANN should control it, not a government entity. Period.
Who do you think controls ICANN? The U.S. Department of Commerce.
It sounds like a good idea. Couldn’t you have multiple keys that had to be used in unison?
With all the bad things that can be said about the U.S. government, I guess if any government has to be in control of the keys to the Internet, I would prefer the U.S.A.
I’m not saying they are a ‘highly trusted entity’ but I do trust them more than most any other government on Terra.
Well, what we need to do is like in David Brin’s novel Earth and feed some old lady’s conscience into the planet, then let Earth control the internet. Science fiction saves the day!
I think this may spawn a response from the EU just like US-owned GPS spawned the Galileo project… Hey, let’s all buy a bunch of .eu domains instead!
From the article —
“The Root Key Operator is going to be in a highly trusted position. It’s going to be a highly trusted entity. The idea that anyone in that position would abuse it to spoof addresses is just silly.”
Bwahahahahahaha. Reminds me of ‘Colossus – The Forbin Project’
This is a LOAD of BS.
Nothing is going to happen.
It should be a distributed system like the DNS root servers. If you have just one, that’s asking for DDoS attack. The best way to ensure there’s no spoofing is to check it against two (or more) geographically wide-spread servers. That should keep any gov’ts from trying any hinky-jinks.
Jeez. We trust them with the big red launch-the-nukes button now.
One root key to rule them all? I think quantum computers could crack these in a few years.
Calling all Geeks! We need you to save the world. This is your day… seize it!
We need you to write anti-fascism protocols into all our software — especially email, browsing, VOIP, and file sharing. We should be able to do those things in total privacy from the government, scammers, employers, etc.
Step up to the plate Geeks! We need you now!
13, Greg Allen:
For email, try Iron Key — triple DES for instant drag and drop email stuff. You’ll probably have to rename the file you want to send, since it makes an exe, but the recipient can just rename it back. Works great, as long as the recipient has the key — total privacy, but no Diffie-Hellman key exchange. Ah, well, nothing is perfect. At least it’s free.
http://www.kryptel.com/products/ikey/index.php
No doubt this ability will be given to the RIAA and the MPAA so they can continue their crusades.
14 – Greg Allen – I wonder if it would be possible to do what you suggest using a self-healing, distributed computing system that could effectively resist both malicious cracking and government/central authority intrusion. That’d be almost as good as Bruce IV’s (7) suggestion of injecting an old lady’s conscience into the system.
Key would be to allow anyone to access and be authorized as a legitimate user without personally identifying them. Hmmm. I guess that’s a contradiction in terms. Either you want accountability or anonymity. I don’t see how you could get both at once.
Bubba Ray’s (15) personal encryption is probably the best one can do, and I suspect encryption of messages would itself be a flag if the fascists in charge want to look. “Look at me! You can’t see what I sent!”
Makes better sense to use Joe Bonano’s approach, if you really have something to hide – simply make up your own language. The feds tapped the pay phone he used and tried for years to figure out what he was telling people, without success. It can be done.