IP Block 99/8 (DHS insanity - offtopic)

J. Oquendo sil at infiltrated.net
Tue Apr 24 13:58:20 UTC 2007


Alrighty... Since you pointed out this article I already read.


// QUOTE //
"This is the U.S. government stepping forward and showing leadership," 
Douglas Maughan, an official with the Department of Homeland Security's 
Science and Technology Directorate, told United Press International.
// END //

Strong leadership? What are they implying they will lead. They can't
even lead their own security issues and I've yet to see anything
on GCN, FCW implying that mil or gov servers had their DNS servers
hijacked. So what is proposed that they will lead?

// MORE // 
The DNS Security Extensions Protocol, or DNSSec, is designed to end such 
abuse by allowing the instantaneous authentication of DNS information -- 
effectively creating a series of digital keys for the system.
 
One lingering question -- largely academic until now -- has been who 
should hold the key for the so-called DNS Root Zone, the part of the 
system that sits above the so-called Top Level Domains, like .com and .org.

...
 
The draft lays out a series of options for who could be the holder, or 
"operator," of the Root Zone Key, essentially boiling down to a 
governmental agency or a contractor.
// END //


You mean like Verisign? Why should the US handpick a company or
one of their contractors to manage this. You're implying that a
PRIVATE CORPORATION would never follow the will of the one feeding
it... I could as could anyone else point out the systemic abuse
that would follow. One would have to be ignorant to ignore the
potential for abuse not solely from a government whispering sweet
nothings in the ear for sake of perhaps censorship, but what
about the private abuse... No form of oversight other than the
US and our Department of Terrorism and Paranoia Security are
mentioned.


// QUOTED //
"Nowhere in the document do we make any proposal about the identity of 
the Root Key Operator," said Maughan, the cyber-security research and 
development manager for Homeland Security.
// END QUOTE//


Uh... In the same article it states "The draft lays out a series
of options for who could be the holder, or "operator," of the
Root Zone Key, essentially boiling down to a governmental agency
or a contractor." Yet here is Maughan stating "Oh no... DHS and
the US government won't pick who holds keys..."


// QUOTE //
"The Root Key Operator is going to be in a highly trusted position. It's 
going to be a highly trusted entity. The idea that anyone in that 
position would abuse it to spoof addresses is just silly."
// END //


The idea that it has a huge potential for abuse is not silly. I
can see where some would be either too good hearted to take heed
to common logic, but the potential for abuse is right smack dab
in anyone's face. You pointed out the article Mr. Sachs, so
please explain to me how you can now come back and state "But the
DHS has no intention on controlling the key... Sure they intend
on handpicking who does, but that doesn't mean said company will
not follow what it is mandated to do by US government, nor will
said company abuse it on their own."

I can point out hundreds of contractors with the government who
so blatantly con the government and circumvent laws. But that
would be geared towards a political mailing list, not this one.
So if we're to stick to the facts, getting the gist out of the
article you chose... You just re-confirmed the US government's
underlying desire to somehow control the root keys...
 

-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
echo infiltrated.net|sed 's/^/sil@/g'

"Wise men talk because they have something to say;
fools, because they have to say something." -- Plato

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5157 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20070424/766380e4/attachment.bin>


More information about the NANOG mailing list