Dan Brown is going to love this.
I'll bet Tom Hanks is already cast as the academic who suddenly has to save the world.
The Brit charged with holding one of seven digital keys necessary to re-establish a system of trust in the highly unlikely event of a collapse of the DNSSec (DNS Security Extensions) system has spoken of the practicalities of his responsibility. Paul Kane, chief exec of CommunityDNS and chair of the DNS Infrastructure …
Dag nab it! I thought I was going to be the first with the movie idea!
Though mine is more along the lines of the cards being counterfeited, and the copies substituted for the originals in 5 of the 7's safes... Then the DNSsec system would be "rebooted" under another base server control and no one would realize... UNTIL ITS TOO LATE!
Step 3: Profit!
You can just see it, cant you.
Paul Kane rolls up to US Border Control in a hurry to take the key to the "Secure IT data Centre in the US. USBC take one look at the smart card, and conclude that it might contain terrorist data or pornography.
USBC: Excuse me Mr Kane, could you give me access to the information on this memory card
PK: I'm sorry, the contents are encrypted, and are actually a security key for DNS on the Internet
USBC: A key for the Internet, you're kidding me. Show it.
PK: I'm sorry again, but I cannot do that, because if I release it to you, it may compromise the security of DNSSEC
USBC: Are you refusing to co-operate, and hand over the keys to unlock the data? I'm afraid we're going to have to take it and give it to our experts in the FBI to confirm there is nothing illicit on this card. We'll get it back to you when we are finished. Oh, by the way, we might damage the data while we are doing it.
A good job the Internet will continue without them!
if something happens to DNSSec, which is something for doing something, some people will have to go somewhere and do something? Having done that, the original something that happened won't just happen again? Or not? Glad we've cleared that up.
"in the unlikely event of an attack so serious that the system of trust established by DNSSec has to re-established from scratch""
What would such an attack involve?
> What would such an attack involve?
No one knows. Though it's a fair guess that whatever it is, it won't be any of the things that were foreseen. Specifically, if the internet's system of trust has broken down irreconcilably, how will this guy - or any of the others, buy a plane ticket to get them to wherever it is they need to be?
Compromise of the secret root-zone signing key associated with the widely known public part of this keypair, followed by the publication and circulation of a self-signed revocation certificate for the root zone key.
In practice as most DNSSEC clients will rarely need a top level domain (TLD) key that isn't more locally cached, if the root zone trust can be reestablished with this procedure within a week or so, most clients would rightly continue to trust the cached TLD keys so most Internet users and services wouldn't notice. Nothing to prevent clients establishing trust anchors elsewhere in the hierarchy, e.g. at frequently used TLDs or other frequently used domains.
How will he book his flight?
- Website down.
- Call centre (voip) down
Or does some black helicopter operating agency scoop him up and take him to a waiting lear jet?
I'm genuinely interested to know if there is a plan for his travel as whilst the world worked OK before the internet, and should do so without it, things might be a little disrupted for a while, and if they're very disrupted, the authorities may have more pressing "civil" issues than getting the magnificent 7from wherever they are (holidays, work travel etc) to the US.
Specifically the part that the Internet would not collapse. It would still operate only that surfers would not be able to validate that the website that they were visiting was genuine.
He might get conned into booking a flight on a spoof website... but he would still be able to book actual flights over the net and VOIP would still work.
While they CLAIM the internet would continue and everything would work without being able to validate, the very words they use would indicate this is not the case.
"fundamental catastrophic failure" could easily affect more than just DNSSec, so I'd be fairly sure they have contingency plans in place. They might not be on the tarmac, engines running, but somebody will be getting a military escort (although who's military is open for debate).
And let's also face that fact that while the user might not be able to validate the airline website is genuine, the airline might also not be able to validate the card request is genuine, and Visa might not be able to validate the airline is genuine, and the bank might not be able to validate Visa is actually Visa. All of which means Mr Kane has a suitcase of varying currencies so he can buy a ticket at the desk at the airport.
Reassuring to see that readers of this esteemed organ...
( http://www.telegraph.co.uk/technology/internet/7914153/Briton-holds-key-to-the-internet.html )
... will be fully briefed on the salient details of this story, as they determine the future of the country/international megacorp/village cricket club, whilst dozing in a club chair, briar pipe in hand...
Not sure if the link to the "IT Crowd" clip is ironic or by way of further explanation...
I kind of expected the sensationalist reporting on other (less technical) sites, including comments like "reboot the internet" etc, but I did hope the Reg would get it right...
"rebuilding the digital map used to route traffic on the internet" - DNS has nothing to do with how traffic is routed, that's managed by routing protocols, the primary one in use being BGP.
"to guard against the possibility of surfers being deceived by forged web sites or spoofed emails" - DNSSEC does not stop someone seeing a spoofed e-mail and following a link - what it protects against is DNS cache posioning and the like, it will make absolutely zero difference to the multitude of phising e-mails that exist.
Actually, it *is* a bit more melodramatic than that, but without all the urgency...
The reader should be physically connected for security; you (or the card, at least) have to physically be there for it to be "read". The encryption chip being on the card itself.
...and just as secure as Chip & PIN, no doubt.
> In the event of a collapse of the DNSSec system five of these holders need to travel to a secure data centre location in the US to restart the process ..
No, no, no, from yesterdays Metro: "A new safety system has been put in place allowing much of the net to be shutdown in an emergency .."
So you see, what's really happening here is the implementation of a system for a central authority to arbitrarily SHUT DOWN the Internet, the ultimate effect being to prevent the free flow of information.
<insert quote from Orwell>
.... and there's a Brit and perhaps somebody in Western Europe / Scandinavia, I bet the recent volcano thing and the closure of airspace gave them pause for thought about their approach.
I understand the principles of change management, but for Christ's sake flying seven people to a datacentre with Smartcards they need to physically have with them sounds like overkill. If some of the people are in Asia / Oz and need to fly you've automatically built yourself in a good 12 hour delay before you can switch to BCP just by getting them there, that just sounds a bit daft to me. Why would you design it this way? Somebody has been watching too many Hollywood blockbusters and just thought it would be cool.