Bruce Schneier pointed out that the DNSSEC root key has been divided among seven people for security:
Part of ICANN’s security scheme is the Domain Name System Security, a security protocol that ensures Web sites are registered and “signed” (this is the security measure built into the Web that ensures when you go to a URL you arrive at a real site and not an identical pirate site). Most major servers are a part of DNSSEC, as it’s known, and during a major international attack, the system might sever connections between important servers to contain the damage.
A minimum of five of the seven keyholders – one each from Britain, the U.S., Burkina Faso, Trinidad and Tobago, Canada, China, and the Czech Republic – would have to converge at a U.S. base with their keys to restart the system and connect everything once again.
Based on this key signing video it looks like they are using smart cards and an AEP Keyper HSM for this critical task. Schneier suspects it implements Shamir’s Secret Sharing algorithm.
Considering how much our economy and our lives rely on the Internet these days, DNS is becoming a more and more critical part of our society. This is a very big event. No precaution is too great to ensure security of such critical infrastructure.
It’s becoming more and more common these days…
Tim Berners-Lee wrote a nice little letter regarding a proposal for Licensing the use of ISO codes. I have to personally agree with Berners-Lee on this one. It’s getting a little ridiculous what people claim ownership of.
Can I trademark the word “internet”? Please?
According to Slashdot, ICANN posted an advisory.
IMHO, since Network Solutions (Verisign) is a company contracted to provide such services… they should act appropriately. I personally believe it’s time for the Department of Commerce to step in and take control of the situation. They allowed NetSol to get into this seat of power.
You need to look no further than at the Terms Of Service to see how they abuse their position:
My favorite is this:
YOUR USE OF THE VERISIGN SERVICES IS AT YOUR OWN RISK. IF YOU ARE DISSATISFIED WITH ANY OF THE MATERIALS, RESULTS OR OTHER CONTENTS OF THE VERISIGN SERVICES OR WITH THESE TERMS AND CONDITIONS, OUR PRIVACY STATEMENT, OR OTHER POLICIES, YOUR SOLE REMEDY IS TO DISCONTINUE USE OF THE VERISIGN SERVICES OR OUR SITE.
So they are now telling us… if we don’t like their service… we should ditch the internet. Or resort to using IP addresses. How about requesting that the Department of Commerce and ICANN unplug them next time around? Put them out of business. Completely revoke their contract next time around, leaving them to be nothing but a reseller.
COST OF THE VERISIGN SERVICES.
The Verisign Service(s) are provided to you free of charge.
At least they aren’t charging us for the right to allow them to make money off of our typos. Thank you for not requiring us to pay for it! Thank you Verisign for not charging us!
Seriously. Some companies are just plain sick. I really hope Verisign loses big on this. VeriSlime has been a big problem for years. Now they just pushed it to a whole new level.