IP Block 99/8 (DHS insanity - offtopic)
Marcus H. Sachs
marc at sachsfamily.net
Tue Apr 24 13:39:29 UTC 2007
J. Oquendo wrote:
> http://www.heise.de/english/newsticker/news/87655
That is the article that started a very unfortunate chain of events. The
reporter got all of the facts wrong, then people who I thought had some clue
jumped into the mess and only made it worse.
> http://www.gcn.com/online/vol1_no1/43443-1.html
DHS does not want the "keys to the Internet" anymore than they want the keys
to your car. The DNSSEC initiative gets funding from DHS' Science and
Technology directorate as directed by the National Strategy to Secure
Cyberspace, published by the White House in 2003 (disclaimer - I was part of
the team at the WH that wrote that document, so feel free to toss barbs at
me about it, keeping in mind that it was published over four years ago and A
LOT has changed since then...)
The DNSSEC initiative is supported by many countries, not just the United
States. The root key (actually, the root zone's Key Signing Key or KSK)
will be held by the Root Key Operator (RKO), which is some yet-to-be
designated organization or group. Details about all of this is at
http://www.dnssec-deployment.org if you want to get into the weeds of the
initiative.
It would be nice if reporters had bothered to contact DHS to request an
interview before making statements like, "The Homeland Security Department
has stirred up online controversy with its suggestion that the government
should hold a master key for digitally signing the root zone of the Domain
Name System under the DNS Security scheme."
For a more accurate perspective, see this:
http://www.upi.com/Security_Terrorism/Analysis/2007/04/12/analysis_owning_th
e_keys_to_the_internet.
Marc
More information about the NANOG
mailing list