Slashdot Mirror


The Canadian Who Holds the Key To the Internet

drbutts writes "The Toronto Star has an interesting story on how they are securing DNS: 'It's housed in two high-security facilities separated by the North American landmass. The one authenticated map of the Internet. Were it to be lost — either through a catastrophic physical or cyber attack — it could be recreated by seven individuals spread around the globe. One of them is Ottawa's Norm Ritchie. Ritchie was recently chosen to hold one of seven smartcards that can rebuild the root key that underpins this system' called DNSSEC (Domain Name System Security Extensions). In essence, these seven can rebuild the architecture that allows users to know for certain where they are and where they are going when navigating the Web."

10 of 199 comments

  1. Re:Really two different halves by joeflies · · Score: 5, Informative

    The article does state that you need 5 of 7 to restore.

  2. Re:Really two different halves by XanC · · Score: 4, Informative

    Looks like you're right; they appear to be using an implementation of Shamir's Secret Sharing.

  3. Re:Really two different halves by Anonymous Coward · · Score: 2, Informative

    No, if they say 4 of 7, then they probably really in fact mean 4 of 7. You are right that having just 2 pieces and distributing copies of them would get the situation you describe (well, actually, it would require 5 of 7 as 4 people would have one half and 3 would have the other half), but algorithms exist to split a key into any number of pieces and require any number of those pieces to get a full key. Basically, just make a PAR of the key with the desired amount of redundancy and hand out equal sized chunks of the file. This is probably not exactly what they do, but it would work similarly.

  4. Re:Really two different halves by Actually,+I+do+RTFA · · Score: 2, Informative

    There's no need to split it up so simply. There are ways of splitting up a dataset in 7 such that any 4 can reconstitute it without allowing any handpicked 3 to be able to do so.

    An example, where you wanted to require two of three could be accomplished by splitting the key and a random number into thirds. Each party would get 1/3 of the key, 1/3 of the random number and 1/3 of the XOR of the two. Then any two can determine the whole key (assuming they knew which one of their thirds each section was, of course). It's generalizable to 4 of 7.

    --
    Your ad here. Ask me how!
  5. Re:Not good by nacturation · · Score: 5, Informative

    The internet is supposed to be able to repair itself. You know, route around damage and stuff?

    The internet will continue to work fine. This only impacts DNSSEC and the ability to rebuild based on the private key distributed on those smartcards. If all 7 get assassinated and their smart cards hacked to bits with no backups, we can still revert to plain old DNS.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  6. Re:I don't care if you are from Iran by AfroTrance · · Score: 2, Informative

    The key holders are the Elders of the Internet.

  7. Re:Really two different halves by d3vi1 · · Score: 4, Informative

    Nope. It's common practice in the PKI world to use an HSM which calculates the private key upon startup. The key is not stored anywhere. It's calculated when you start the HSM. It's a function with 7 intersection points with the X axis. Knowing any 4 of the 7 intersection points is enough to calculate the function parameter. That in turn is the actual private key.

    RAID has nothing to do with this. The HSMs operate under the presumption that the safest guard for the private key is not to have it at all, encrypted or not. You calculate it only when needed. If the HSM goes down you need a new key migration ceremony in a worst case scenario, and in the best case scenario, just the administrator and operator smart cards to unlock the security world.

    This is what is being done at any public CA installed in your browser and at any Publicly signed Enterprise CA.

    --
    UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever ones.
  8. A British key-holder giving an interview by Cougem · · Score: 2, Informative

    http://www.bbc.co.uk/news/uk-10781240 Not the best interview, but relevant.

  9. Re:You might want to look up Dan Kaminsky by leuk_he · · Score: 2, Informative

    Dan Kaminsky got a key,
    Paul Kane got one,
    the others well geographically distributed make the international rescue team complete.

  10. Re:You couldn't just find everyone? by rickb928 · · Score: 3, Informative

    1) Yes, you could.

    2) When you have a workable method for sending a postcard to every IP address, let me know. Mapping IP address to street address is a neat trick if you can pull it off. Just don't rely on WHOIS, for obvious reasons.

    --
    deleting the extra space after periods so i can stay relevant, yeah.