back to article Internet root keymasters must think they're cursed: First, a dodgy safe. Now, coronavirus upends IANA ceremony

IANA – the body that oversees the internet's IP addresses and domain names – must think it's under a curse in its quest to protect the 'net. Last time it was a malfunctioning safe that blocked its important work to keep the global network glued together. This time, coronavirus. Every quarter, a small group of people cram …

  1. Anonymous Coward
    Anonymous Coward


    At 20 hours would the Lock Picking Lawyer not be a cheaper option?

    1. JimboSmith Silver badge

      Re: Drilling?

      I was thinking the very same thing. However I don't think running a magnet over it would suffice in this case.

    2. Anonymous Coward
      Anonymous Coward

      Re: Drilling?

      "At 20 hours would the Lock Picking Lawyer not be a cheaper option?"


      What is also suspicious is the state of the "locksmiths" tools.

      (Never trust a workman whos tools are not worn in)

      I think he's a plant!

      1. John Brown (no body) Silver badge

        Re: Drilling?


        (Yes, I googled to find a suitable plant name :-))

    3. Claverhouse Silver badge

      Re: Drilling?

      With no experience at all I would have thought the drill could be set up in a cage as a computer-driven tunnel boring machine would be, to work the 20 hours instead of some unfortunate propping it up that length of time.

      I only hope he was adequately recompensed. Maybe 1% of the dignitaries annual income.


      Still, it shows one should never build a defence too difficult to be breached in an emergency.

      Also: apart from terrorists and advertisers desperate to seize control of the Internet, it is unlikely the average burglar would seek the contents of the safe.

    4. Sgt_Oddball

      Re: Drilling?

      "that's a click out of 5..."

      As much as I enjoy his work, if the lock on the safe has broken enough that the keys no-longer worked, picking it would be pretty much out of the window. Hence the poor bastard having to drill through.

      Also he probably bought a brand new drill for it or burned out an earlier drill as I would assume they'd burn out after the first 5 or 10 hours..

      1. Anonymous Coward
        Anonymous Coward

        Re: Drilling?

        It was a real pain to do. He spent the first night scouring the manufacturers specs to get info on the lock. He didn't burn out any drills but the diamond bits went like sand through an hourglass. He's been doing this for >40 years and this was the toughest lock he's ever had to drill.

  2. Jimmy2Cows Silver badge

    ... break the rules over non-essential services in Los Angeles...


    Surely "keeping the internet root zone" safe and working counts as an essential service.

    1. Anonymous Coward

      Re: ... break the rules over non-essential services in Los Angeles...

      Makes me a bit proud that my state, Virginia, has some common sense when it comes to essential services. One would think there would be a mechanism in California to get specific, world critical, events cleared.

    2. Mike007 Bronze badge

      Re: ... break the rules over non-essential services in Los Angeles...

      It's just some technobabble IT thingy, so obviously it isn't essential. Cancel the ceremony and use the budget to buy the latest iphone accessory that the board require for their zoom meetings.

      I wish I didn't need to attach the icon...

  3. JimboSmith Silver badge

    Reminds me of a short story I once read where a couple end up accidentally stuck in an extremely large vault deep underground. They find emergency oxygen tanks, air scrubbers and long life food left 'just in case'. They hear loud noises from outside and there are large earthquake like shocks which they assume are attempts to recue them. They finally escape after a few days when they find a heavily protected emergency exit. When they eventually emerge it's to a destroyed world where the vault is no longer deep underground and the vault is the only structure still standing as far as the eye can see........

    1. Bronek Kozicki

      Do you remember author or at least part of the title?

      1. JimboSmith Silver badge

        Do you remember author or at least part of the title?

        Sadly not, I read it in the 80s and my memory isn't what it once was. The story stuck with me because of the cold war and my paranoia at the time about being nuked.

    2. Anonymous Coward
      Anonymous Coward

      Sounds like a Fallout side quest, to me...

      1. Bitsminer Silver badge

        There is a similarly-themed Twilight Zone episode (the original series not the remakes).

        Alas, the poor introvert emerges from his bank vault after the nuclear holocaust, and promptly breaks his coke-bottle eyeglasses. His eyesight is too poor to navigate.

        1. Claptrap314 Silver badge

          Actually, he invites six people he believes have severely wronged him to the vault, and stages the end of the world, for the shere joy of torment. After he reveals the truth, however, the video restarts, and he is convinced that it is real this time. He breaks his glasses in his distress, and when he gets outside he cannot see that there is no destruction.

        2. Graham Dawson Silver badge

          It wasn't fair! He finally had time!

          Oh wait, different apocalypse.

        3. NorthIowan

          Re: coke-bottle eyeglasses

          The one I remember is that he is an introvert who would prefer to read over doing most anything else. So after coming out to find a destroyed world is happy that nothing will get in the way of his reading. So promptly goes to what is left of the library to pick up new reading material. Then when coming out of the library, somehow breaks his glasses. End of happiness.

          1. Bubba Von Braun

            Re: coke-bottle eyeglasses

            Its the Twilight Zone eight episode.. "Time Enough at Last" Mr introvert was Burgess Meredith.


  4. Tempest8008

    Test them?

    IANA should be able to obtain access to a COVID-19 test.

    Before they isolate themselves, have the participants tested and confirmed virus free, THEN lock them in together.

    People living in the same household aren't held to the social distancing requirements...that'd be daft. Being locked in together for a few days would hold the same strictures, I assume. And if they've been tested and confirmed virus free the point should be moot, regardless.

    1. Jamie Jones Silver badge

      Re: Test them?

      Alternatively, use the fanatically religious who are kept virus-free by Jesus.

      Churchgoer claims to be covered in Jesus' blood

  5. newspuppy

    Single Point of Failure?

    Wow.. I confess I had no idea.... The internet was supposed to be designed as a system with no single point of failure... yet it appears that this is a disaster waiting to happen. I would not want a modern day luddite that would want to take the whole system down... by... targeting the root node signers.. destroying their keys... and ... what? all of our internet is no longer trusted and falls apart? I clearly do not understand something very basic here... It can not be that one fanatic can destroy the whole of our modern life....

    I am certain that I shall be educated on why I am not understanding this in a moment and know more...

    I await your comments.

    1. Ken Moorhouse Silver badge

      Re: Single Point of Failure?

      My guess, FWIW, 0.5 cents worth, if that, is that the Internet will still carry on working, it's the substitution of names for IP addresses that will fail.

      Reminds me of the incident, many years ago when one of my clients (in the UK) couldn't be accessed from some areas of the United States. Turned out that one of the sites in the DNS hierarchy, located in the States, had been compromised and was pointing searches to my client to the International Herald tribune's website instead. This was going on for weeks if not months. Used looking-glass servers dotted around the US to work out what was going on. Any DNS servers downstream of the infected one had to be re-pointed which, in those days, took a while to ripple through.

      1. Gene Cash Silver badge

        Re: Single Point of Failure?

        I do seem to remember some sites in the big "list of FTP sites" - which is what we used pre-Google/Altavista/Yahoo/etc only had IP addresses, because not everyone on the internet had a domain name. This was back in the late '80s, maybe early '90s.

    2. ebyrob

      Re: Single Point of Failure?

      DNS with BIND will likely always be there.

      DNSSEC is some scheme that is supposed to make DNS "better" and "more secure". Probably like most of web 2.0 and whatever appalooza is called now, it won't. (slower lookups, complicated configuration, DDoS reflection attacks, etc...)

      Clearly if all the special apples have to go into 1 room all at once where a single nuke can take them out, they forgot something inherently present in the old DARPA design.

    3. doublelayer Silver badge

      Re: Single Point of Failure?

      It's not quite as single a point of failure as it seems. There are many protocols that are not affected by this--if these keys expire, many parts of the DNS root system continue to run like clockwork.

      But, let's assume that all the people who do this are killed at once by some type of internet-hating terrorist group. What would happen is that IANA would get in a locksmith and break into the safe again. They might need more time, and they might need to do a bit of trial and error if there are any passwords involved, but they can handle that.

      Let's assume the terrorists also take out the facility where the safe is. IANA just moves over to Virginia where there is a second copy of the safe and breaks into that one, then probably copies the contents and reestablishes the two-locations system again.

      Let's assume that both locations and all participants are destroyed. In this case, IANA are a little stuck, but that's assuming they have no backups of the system somewhere (and nobody managed to copy the keys for a laugh). Given how secure they want this to be, it's possible they don't have them, but I wouldn't be surprised if that weren't the case. But if that happened, the problem would eventually fall down to the next set of servers. For a while, cached results from the root servers would be fine and nobody would have a problem. That's why attacking the DNS root servers, even if it works, doesn't immediately bring down the internet. During this time, users continue to act as normal while IANA and other DNS operators decide what needs to be done.

      Let's assume they fail to do it. They don't have the ability to create a new key and have it trusted implicitly, and nobody has an idea of a quick way out of this. What happens then is that people have to fall back to other DNS information without authentication. It has problems, but it has also worked for quite a while. We're just back to that. Many places will have to change their system configurations. We'd see a lot of annoyed users. We technical folk would get a large helping of blame we don't really deserve. But life, the internet, and everything would continue to exist. IANA might get a lot of bad consequences for that, but that's where it'd end.

  6. MOH

    I got as far as "“This bag will not be opened until within the ceremony so that each TCR can witness their key is in the same condition as when they released it." and my brain started playing the Mission Impossible music, along with images of shocked looks as the bags turn out to be empty. Meanwhile, they keys have been intercepted and used to .... meh, probably just to redirect news sites to 5G coronvavirus penis-enlarging lizard-men conspiracy sites.

    1. Pirate Dave Silver badge

      Glad I wasn't the only one whose mind saw Tom Cruise rappelling from the ceiling carrying the last of those key bags.

      And why do they call it a "Ceremony"? That sounds like "Eyes Wide Shut" stuff...

      1. Charles 9

        They probably meant to use "Ritual" instead, as that word implies a precise procedure that is to be followed as exactly as possible.

  7. erikscott
    Black Helicopters

    Solved in 1979 (or maybe earlier, classified)

    Wasn't Secret Sharing ("Secret Splitting") designed to solve more or less exactly this problem? Some number N out of a larger pool of M people's knowledge is necessary and sufficient to perform an action. Kerberos Ticket Granting Tickets are often distributed this way to prevent their accidental or deliberate disclosure or loss. Presumably other uses (launch commands?). This at least could be implemented mechanically - N tumblers each raise a pin incrementally on a ratchet until it rises high enough to open the door, not requiring all M.

    Movement should be easy enough - given the stakes and a phone call or two, diplomatic or visiting military credentials can be issued. US State dept. courier flights are almost certainly still running.

    1. Ken Moorhouse Silver badge

      Re: M people's knowledge is necessary and sufficient to perform an action

      I would say you don't need to look any further, mombajee ai-o, etc.

      Thank you for the Small reminder.

  8. Gene Cash Silver badge

    "Ever spent 20 hours on your side drilling a lock?"

    On advice from my (non-lockpicking) lawyer... I refuse to answer. I plead the 5th, yer honor!

  9. Anonymous Coward
    Anonymous Coward

    Should have met in San Francisco and said they were doing residential construction work...

    In the city of SF for the last few weeks since the start of the Shelter in Place Order construction work on luxury refurbishments of high end houses and duplexes etc has continued unabated because the City decided that construction work on residential properties was "essential" due to "homelessness" or something. Quite at variance with the State Executive Order.

    Of course this decision by the Mayors Office and the City Depts has absolutely nothing to do with the multiple corruption scandals in the various City Depts and the blatant Pay To Play system that has been in play in the City since a certain Mayor (now ex-Mayor) came back to town after being term out of Sacramento. Or the Govs office ignoring this blatant breaking of Shelter In Place in SF because the Gov is a former Mayor of SF whose whole political career is due to the previous Mayor whose people still runs City Hall. Nah.

    The loophole for continued residential construction was so blatantly corrupt that the City did tighten the rules a bit recently but so far the purely private residential construction work on multi million dollar units around the City has proceeded uninterrupted.

    As I said, the IANA guys should have just put on overalls and claimed to be house painters or plumbers and they could have traveled unimpeded in San Francisco.

    1. katrinab Silver badge

      Re: Should have met in San Francisco and said they were doing residential construction work...

      Presumably people who work on the telephone and cable networks are allowed to continue working, because that is essential for calling ambulances etc? Don’t they come under the same category?

      1. Anonymous Coward
        Anonymous Coward

        Re: Should have met in San Francisco and said they were doing residential construction work...

        All real infrastructure work is considered essential. The IANA guys easily fall under the Federal CISA criteria of essential work. Thats whats used by the state. There would have been no problem getting to El Segundo, legally speaking. Those from other countries might be a bit iffy. Are there enough people in the US for a quorum?

        Now if they had left their wallet in El Segundo, that might have been more of a problem..

  10. Lee D Silver badge

    So they're not going to know if the keys are in the parcels and work and that they have them until the day of the ceremony?

    Anyone else spot a problem here?

    And surely, if this stuff was ANYWHERE NEAR secure, those parties could all have an HSM of their own with which they could verifiably sign a key with another that only they could possibly be in possession of (the HSM and it's associated authentication) and then those keys - if they are in any way secure - can just be transmitted over the Internet (I would add the caveat of "avoiding DNS use" but that much should be obvious).

    Safe and locks and stupid procedures opening envelopes in front of webcams is just ludicrous, I'm afraid. Unless someone can compromise 12 - or however many - independent people worldwide simultaneously, grab their HSM, torture them all for their signing info and private keys and passcodes, and sign off something fake without ANYONE noticing... even if they have to do that part of it one-by-one on a web video link...

    They've had one near miss. They've set themselves up for another here. It's not going to be long before they totally screw it up because of some other instance they hadn't considered and it'll be game over for DNSSEC.

    1. Anonymous Coward
      Anonymous Coward

      "Unless someone can compromise 12 - or however many - independent people worldwide simultaneously, grab their HSM, torture them all for their signing info and private keys and passcodes, and sign off something fake without ANYONE noticing..."

      NEVER underestimate the power of a state-level actor with a bottomless wallet. Consider the data center in Utah...

  11. martinusher Silver badge

    What? No Back Door?

    Given the nature of these technologies you have that expectation that when everyone finds the keys to the safe are locked some clever so and so just nips around the back of the safe, opens and small, unlocked, flap and extracts the information. (The flap was built into the safe duing construction to make testing the safe know how this goes.....)

  12. hayzoos

    Sounds very secure except

    Over YouTube?!?! That's all I have to say about that.

    On the 20 hour safe cracking: They need a better locksmith. I have experience with these type of safes. I have seen them cracked in less than an hour due to a forgotten combo.

    1. Ken Moorhouse Silver badge

      Re: On the 20 hour safe cracking

      They should have got these guys on the job:-

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like