There are no ‘key holders’ to the Internet
In a post last week “Fantasy role playing has no place in DNSSEC“, I pointed out that the media is conflating the “Internet” and the “World Wide Web” with DNSSEC and that they are endangering the people responsible for holding the backup keys. Since that post, more stories have popped up repeating the myth that there are key holders of the Internet. It turns out that I didn’t go far enough in my debunking of these myths because those seven recovery key holders don’t actually hold the recovery root DNSSEC keys.
What each of the seven recovery key holders actually hold is a fraction of an electronic key (a smartcard) to a high tech electronic safe deposit containing the actual backup keys stored at two high security facilities in the United States. Furthermore, it’s not as if five of the seven key holders could be bribed or extorted into going into those facilities to grab the recovery key because they wouldn’t be allowed in unless there was a decision from ICANN to call them in. There are crypto officers and security personnel that would ensure no unauthorized access to the backup keys. These finer details were pointed out to me by Robert Seastrom and ICANN Director of DNS operations Joe Abley and a full list of crypto officers and recovery key holders can be found here.
Furthermore, there is a real possibility that in the case of a disaster that compromises the actual root DNSSEC keys, which are used to sign and authorize the DNSSEC keys used by individual .com domains, ICANN could opt to not use the backup out of the fear that the keys might have been seen and copied by someone. In that event, ICANN would simply create new keys which would require everyone using DNSSEC to re-key. For Windows based clients and servers, Microsoft would probably update everyone through their automatic Windows update. UNIX and Linux administrators would likely update manually or through some automated mechanism through their Linux distributor.
http://www.digitalsociety.org/2010/07/fantasy-role-playing-has-no-place-in-dnssec
See Humor…rebooting the Internet…
http://TheBigLieSociety.com
The seven Recovery Key Shareholders do *not* hold keys to the safe deposit box.
Please watch http://www.youtube.com/watch?v=b9j-sfP9GUU from around the 04:00 mark to understand the difference between Recovery Key Shareholders and Crypto Officers.
@GrahamPerrin
You took “safe deposit” a bit too literally. The keys to the safe deposit box side are… safe deposit box keys. Just like the safe deposit box key you have for your bank or credit union. They are issued to the COs, not the RKSHes.
“an electronic key (a smartcard) to a high tech safe deposit containing the actual backup keys” is actually a reasonable layman’s description of the encrypted backup that the RKSHes can decrypt if all four HSMs go belly-up.
Leave your response!
Twitter Feed
About Us
Digital Society is a digital think tank that believes culture and commerce are inseparable, that the digital economy flourishes when people are free and rights are secure, and that free markets free people.
Digital Society is an independent 501(c)3 non-profit organization, funded by donations from Jon Henke and from Arts+Labs. We advocate for a pro-culture, pro-commerce digital society through research, analysis and debate on emerging technology issues.
Reply Comments
Transparency and interactivity are trademarks of the Internet era, and we aim to foster them here at Digital Society. It is inevitable that some people will disagree with the technology policy positions we take. We want to have that constructive debate.
The Reply Comments feature gives our critics a chance to respond to our viewpoints and the Digital Society audience convenient access to competing arguments. Any time we directly challenge the views of an individual or a group on this site, the party in question may substantively respond in a guest post.
Please contact executive director Jon Henke by e-mail.
Subscribe
Daily Digest Email
Recent Posts
Recent Posts
Most Commented
Most Viewed