ietf

Re: Montevideo statement

2013-10-08 09:52:38

On Tuesday, 8 October 2013, at 6:19, Phillip Hallam-Baker wrote:




On Tue, Oct 8, 2013 at 8:53 AM, manning bill <bmanning(_at_)isi(_dot_)edu> 
wrote:


I think the US executive branch would be better rid of the control before 
the vandals work out how to use it for mischief. But better would be to 
ensure that no such leverage exists. There is no reason for the apex of the 
DNS to be a single root, it could be signed by a quorum of signers (in 
addition to the key splitting which I am fully familiar with). And every 
government should be assigned a sovereign reserve of IPv6 addresses to 
prevent a scarcity being used as leverage.

--
Website: http://hallambaker.com/

        Quorum signing with split keys was already built and tested in a 
root server operator testbed (the OTDR testbed) from 1998-2005.  It was 
considered more fragile than the current system.

Considered more fragile by whom?

By the members of the $250m/yr NSA mole program?


Very few people in DNS land recognize the class of attack as being realistic. 
Even when they have prime ministers and members of the GRU visiting them to 
tell them how important the issue is to their country.

We already have one example of lobbyists attempting this type of attack (see 
Martin's post). So it is far from unrealistic. 


At present ICANN's power over the DNS is entirely discretionary. Attempting 
to drop Palestine out of the routing tables would simply be the end of the 
ICANN root zone. ICANN could continue to manage .com but their influence over 
the rest of the system would end completely.

But DNSSEC changes the balance of power. With the root signed and embedded 
infrastructure verifying DNSSEC trust chains, the cost of a switchover rises 
remarkably. And when I tried to mention the fact I tended to get nasty 
threats.

The third question of power is 'how do we get rid of you'. The answer in the 
case of DNSSEC is that you can't. 


Fortunately the issue is quite easily fixed, just as the problem of using 
IPv6 or BGP allocations for leverage is fixable. Governments don't need to 
wait on ICANN or the IETF to develop a quorum signing model for the DNS apex, 
they could and should institute one themselves and tell their infrastructure 
providers to chain to the quorum roots rather than the monolithic apex root.



        Been there, done that, outgrew the teeshirt.
        Interestingly, the perceived value of a common, global namespace is 
_MUCH_ higher than the value of a controlled, boundary constrained namespace…

        At least by nearly every government to date.

        The fragile vectors could be classed in two buckets,  Human Factors & 
Timing.

/bill
