Web expert on his 'catastrophe' key for the internet

A British computer expert has been entrusted with part of a digital key, to help
restart the internet in the event of a major catastrophe.

Paul Kane talked to Eddie Mair on Radio 4's PM programme about what he might be
called upon to do in the event of an international online emergency.

http://www.bbc.co.uk/news/uk-10781240

Great! So I assume he is an elder of the Internet?

http://www.youtube.com/watch?v=iRmxXp62O8g

You *do* realize this "news" is like two months old, right?

http://www.icann.org/en/announcements/announcement-2-07jun10-en.htm

The DNS root has been signed in production for over 2 weeks now.

That plus the phrase "restarting the Internet" is more than a little bit
misleading.

One has to wonder if there was a *complete* failure of the Internet, and it
needed "restarting", whether enough people holding shares would be able to get
to the same place to have another root-signing ceremony. Consider the impact on
plane reservations, etc.

Those of us who lived through the Morris worm fragmenting the Arpa/Milnet in
1988 and things like major worm-induced outages remember what a hassle it was
to *really* restart the net. (Calling up your upstream on the phone asking if it
was safe to turn up the link again, or looking for help in cleaning your net
before you reconnected, etc...)

> Those of us who lived through the Morris worm fragmenting the Arpa/Milnet in
> 1988 and things like major worm-induced outages remember what a hassle it was
> to *really* restart the net. (Calling up your upstream on the phone asking if it
> was safe to turn up the link again, or looking for help in cleaning your net
> before you reconnected, etc...)

Weren't the FCC and at&t recently suggesting that VoIP was the future of
telephony?

I can just imagine how it'll be trying to call your upstream to have
them reconnect you...

"Your call could not be completed at this time. Your circuit is not
connected. Please hang up, connect to the Internet, and then try your
call again."

Ha.

Now, seriously, at what point do we lose visibility of the bigger
picture? Twenty years ago, the PSTN wasn't horribly hard to grasp
and was sufficiently distinct that one could understand the set of
circumstances that would render both phone and data unusable.

As wonderful as the new communications paradigms are, do we also
have a situation now developing where it might eventually become
very difficult or even impossible to ensure out-of-band lines of
communications remain available?

... JG

That's already a problem for getting alert pages. Any actual *pager*
companies left? They all seem to have gone to SMS systems.

Well, USA Mobility was supporting ReFLEX pagers for us up until I got
tired of playing the tech support "try this alternate TAP dialup number"
game that seemed to be needed every year or so, because suddenly messages
wouldn't be delivered or would be queued for many hours (and these are
two-way pagers we're talking about, the network knows where they are).
That was probably less than a year ago when I got fed up and told them
we weren't renewing.

Relatively speaking, at&t's Enterprise Paging (which appears to just be
enterprise SMS with a TAP/SNPP gateway) has been a lot more reliable. I
have no idea how reliable it'd be in a major telecom crisis, of course.

Aren't there still some satellite pager providers out there? :)

... JG

Works fine till solar flare season. :)

> That's already a problem for getting alert pages. Any actual *pager*
> companies left? They all seem to have gone to SMS systems.

SkyTel is the only one I remember. Sadly, their coverage is about that of Cricket or Clearwire. (at least in NC)

> Relatively speaking, at&t's Enterprise Paging (which appears to just be
> enterprise SMS with a TAP/SNPP gateway) has been a lot more reliable. I
> have no idea how reliable it'd be in a major telecom crisis, of course.

I'd expect it to work as well as the cellular network, since it's riding
on it. (read: it stops working when your cellphone does.)

Right, I think I pointed out it was basically SMS, despite being billed
as "enterprise paging," which brings us back to the previous question....

Or are you saying that there are SMS networks out there that aren't part
of the cellular network? :)

SkyTel *used* to have satellite pagers. I don't think anyone runs such a
network anymore... the pagers were bulky and the network is quite
expensive to run. (just look at Iridium.)

Yes, fun. The downside of the evolution of capable cellular devices.

It's still an interesting issue, though. As data and telecom become
impossible to tell apart, how do you go about arranging for notification
services that work when some particular layer/portion of the Internet's
broken? What parts of any virtual circuit from your monitoring server
to your belt device are impacted by an Internet failure? By a worm that
manages to take out gear that handles both Internet traffic and private
network VoIP? Etc. What happens in twenty years when at&t-the-legacy-
telco has been spun off, gone all VoIP, and has gotten out of the long
haul biz and rents IP capacity from some other major backbone? The
potential for interdependence in the future could be a very complicated
issue.

... JG

I'm not sure of the situation over in NA, but in Europe, yes.

M

If you think that is misleading, you would want to see this article:

http://www.metro.co.uk/news/836210-brit-given-a-key-to-unlock-the-internet

By some reports some have "counted 11 factual errors" in just this small article.

I think a journalist created the article based on a similar interview like the BBC.

Leen Besselink wrote:

> > That plus the phrase "restarting the Internet" is more than a little bit
> > misleading.
>
> If you think that is misleading, you would want to see this article:
>
> http://www.metro.co.uk/news/836210-brit-given-a-key-to-unlock-the-internet

Yes, we've been howling with derision about that on this side of the
pond for the last couple of days.

Putting the source into perspective though, The Metro isn't known for
quality journalism - it's a free paper liberally scattered around London
(usually found as entertaining reading material when you're stuck on the
tube going somewhere late at night).

Paul.

One, I do not see the operational relevance of this "news".
Second, people cult is just not the hype anymore.
Third, my opinion towards Mr. Kane will stay with myself.

> One, I do not see the operational relevance of this "news".

The real problem is that articles like this DO get considerable
attention in the UK - a place where "the internet" has yet to gain true
understanding and recognition as a national business and government
asset in the eyes of the general consumer populace and their
politicians.
Stories written like this still have a "wow" factor, both with the
unconnected and the great unwashed customers in general.

> Second, people cult is just not the hype anymore

Rest assured, none of the intended viewers know or care who the
dungeon-master is :) All they care about is their "MSN" working.
They have to depict someone doing something, and ascii-armored printout
is far too confusing for the folks to comprehend.

Gord

BT are currently upgrading the UK's phone system to VOIP. But it's running
on a private network.

Tony.

See also the press releases from Bath University:

http://www.bath.ac.uk/news/2010/07/26/internet-security/

and CommunityDNS themselves:

http://cdns.net/ROOT-DNSSEC.html

The problem seems to be that Bath's press office decided to sex up the
story and Metro confused DNSSEC with the Internet kill switch proposal.

Tony.

I think there is a social vulnerability in a group of people who need to travel,
a lot of the time, by plane, to exactly the same location to make new keys to
reset DNSSEC.

What I think is, this is leaving them wide open to attack. If an attack was
state-sponsored, it's likely they would be able to stop those selected people
reaching the location in the United States by way of operational officers
intercepting them by kidnap or murder, and indeed, a cyber attack without the
need for human intervention to stop the select people getting to their
destination could be done by knocking out the air traffic system. Which would
hamper the resetting and creation of new keys for DNSSEC.

Even without the select people being prevented from reaching their location in
the United States, the disclosure tells the bad guys, approximately how long an
attack window they've got between the selected people leaving their work or home
and travelling by plane to the location.

It would have been better if the people who are the selected key holders were
kept classified, a lot of the information given out wasn't in the public
interest, or in the national interest for the arrangements to be made public.

I'm guessing also, Mr.Kane would be travelling to the United States in a
military plane and not a commercial airliner, but who knows?

Of course this is just my opinion.

Andrew Wallace

> Of course this is just my opinion.

Which is totally unfounded and equivalent to a ton of dung.

Please stop with the non-operational content conspiracy theories, tnx.

> What I think is, this is leaving them wide open to attack. If an attack was
> state-sponsored, it's likely they would be able to stop those selected people
> reaching the location in the United States by way of operational officers
> intercepting them by kidnap or murder, and indeed, a cyber attack without the
> need for human intervention to stop the select people getting to their
> destination could be done by knocking out the air traffic system. Which would
> hamper the resetting and creation of new keys for DNSSEC.

Movie-plot threat.

Hint 1 - if you want to cause actual mischief, I'd start the merriment over at
gtld-servers.net rather than the actual root, or maybe even one more level down
at the actual TLD servers. '.' is small enough that it can easily be
hand-verified if need be, but there's like 140M things under .com handled by
dozens of registries and registrars - even with DNSSEC, plenty of room for fun
and games. (What protection does DNSSEC grant you against a squatter who
snarfs up a domain name that's accidentally expired due to a billing issue?)

Hint 2 - What do the 5th and 6th fields on the '.' SOA entry mean, especially
in this context? In particular, what operational aspect does the specified 5th
value give us if we're contemplating this movie-plot scenario?

> Even without the select people being prevented from reaching their location in
> the United States, the disclosure tells the bad guys, approximately how long an
> attack window they've got between the selected people leaving their work or home
> and travelling by plane to the location.

Bzzt! Wrong, but thank you for playing.

The bad guys *actual* window is between when the current root keys are lost/
compromised, and when the selected people *leave* to go to the selected
location. Once you learn that the root key is compromised, you can take other
steps to mitigate damage (see hint 2 above). When Paul Kane gets that phone
call that says he needs to take a plane trip, the window is *closing*, not
opening.

> It would have been better if the people who are the selected key holders were
> kept classified, a lot of the information given out wasn't in the public
> interest, or in the national interest for the arrangements to be made public.

Obviously you have approximately zero understanding of the crypto community.
They tend to be the most paranoid people out there - and the *only* way to get
acceptance of a signed root was to make sure that ICANN is *not* in possession
of enough keying material to sign a key by itself. In addition, the owners of
keys need to be publicly known, to avoid allegations of "ICANN and a bunch
of unnamed people not associated with them. Honest - trust us".

In the crypto world, "trust us" is a fast path to Bruce Schneier's Doghouse.

> Of course this is just my opinion.

There's opinions, and opinions backed by operational experience.

> Obviously you have approximately zero understanding of the crypto community.
> They tend to be the most paranoid people out there - and the *only* way to get
> acceptance of a signed root was to make sure that ICANN is *not* in possession
> of enough keying material to sign a key by itself. In addition, the owners of
> keys need to be publicly known, to avoid allegations of "ICANN and a bunch
> of unnamed people not associated with them. Honest - trust us".

Also, these famous guys selected as part of the TCR group where the
number is not actually seven, don't even have enough material to sign
anything by themselves.

The RKSH or Recovery Key Share Holder just holds in a tamper evident
bag, a smart card with part of the key used to encrypt the backup
copies of the HSM (Hardware Security Module).

I'd love to see how they can "restart the world wide web" with that ...

Cheers
Jorge