The Canadian Who Holds the Key To the Internet

← Back to Stories (view on slashdot.org)

The Canadian Who Holds the Key To the Internet

Posted by Soulskill on Friday July 30, 2010 @04:17PM from the hope-nothing-breaks-during-hockey-season dept.

drbutts writes "The Toronto Star has an interesting story on how they are securing DNS: 'It's housed in two high-security facilities separated by the North American landmass. The one authenticated map of the Internet. Were it to be lost — either through a catastrophic physical or cyber attack — it could be recreated by seven individuals spread around the globe. One of them is Ottawa's Norm Ritchie. Ritchie was recently chosen to hold one of seven smartcards that can rebuild the root key that underpins this system' called DNSSEC (Domain Name System Security Extensions). In essence, these seven can rebuild the architecture that allows users to know for certain where they are and where they are going when navigating the Web."

20 of 199 comments (clear)

Really two different halves by XanC · 2010-07-30 16:18 · Score: 3, Interesting

The story I read said that any four of these seven must get together at one of these bases. That seems to indicate that each one has half of the key. Two of them, if they were the right two, could do it. But having four out of seven guarantees that you have at least one copy of both halves.
1. Re:Really two different halves by joeflies · 2010-07-30 16:24 · Score: 5, Informative
  
  The article does state that you need 5 of 7 to restore.
2. Re:Really two different halves by XanC · 2010-07-30 16:28 · Score: 4, Informative
  
  Looks like you're right; they appear to be using an implementation of Shamir's Secret Sharing
3. Re:Really two different halves by JWSmythe · 2010-07-30 16:52 · Score: 4, Insightful
  
  Yup. Poor disaster planning.
  They've never heard of assured continuity. It's a good plan if all other services are ok. If I read it right, the folks need to gather at a known point. That would assume air travel was still viable. We saw that stop during 9/11. Since they're smart cards, I'm assuming it would require the appropriate smart card readers. If the physical locations where they are to assemble aren't accessible, that makes it a bit rough. They mention two US sites as the places to gather, so civil unrest in the US could severely limit travel. While us Americans are very America-centric, I'm sure the rest of the world wouldn't be totally delighted if their Internet services stopped working just because we were having problems.
  If it does take 5 of 7 to restore the key, that could be problematic. They named one. I'm sure brute force decryption (i.e., torture) could find out who at least two others are. So if 3 were taken out of the equation, that leaves 4 to carry on. As time goes on, it would be a shame if the cards were lost. Just because you stuck it in the safe doesn't mean that safe will always be the one you use. People move. Offices change. People die. When Joe-key-holder dies, and his coworkers don't realize what the keys are, they could easily end up in a file box marked "Joe's office stuff", and stuck in storage to be forgotten about after a few years of staff churn.
  I don't see it as catastrophic. It's about as rough as when we were told "be sure to update your named.root file." Lots of people did it. Lots of people who should have didn't know. Even if you missed it, it didn't really break anything very much.
  
  --
  Serious? Seriousness is well above my pay grade.
4. Re:Really two different halves by thej1nx · 2010-07-30 17:24 · Score: 3, Insightful
  
  As time goes on, it would be a shame if the cards were lost. Just because you stuck it in the safe doesn't mean that safe will always be the one you use. People move. Offices change. People die. When Joe-key-holder dies, and his coworkers don't realize what the keys are, they could easily end up in a file box marked "Joe's office stuff", and stuck in storage to be forgotten about after a few years of staff churn.
  I am pretty sure if you are one of the only seven people in the world to be trusted with the responsibility of a certain item, you will just "forget" it when you move.
  When you come up with outlandish theories, at least use common sense. It is perfectly possible that the card gets stolen by a burglar who doesn't realizes what it is. And even then it will at least be reported and appropriate measures taken. You seem to have picked up some curious notion that nobody had the foresight to keep a note on the whereabouts and well-being of these individuals("Where are those cards again? I dunno... some dude was supposed to have them. Not sure where they are now, or who they were... we sent them deep undercover you see, to protect them against torture from enemy agents!").
  This is just a mere precaution of not keeping their eggs in one basket, since losing the key will indeed be catastrophic to DNSSEC. If anything, it is obviously just one of the many other backups they have.
5. Re:Really two different halves by slick7 · 2010-07-30 19:53 · Score: 4, Funny
  
  Yup. Poor disaster planning.
  More like typical disaster planning.
  
  --
  The mind conceives, the body achieves, the spirit manifests.
6. Re:Really two different halves by maxwell+demon · 2010-07-30 21:25 · Score: 3, Funny
  
  Of course they should instead have chosen a system where you need 7 of 9 to restore!
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
7. Re:Really two different halves by d3vi1 · 2010-07-30 21:55 · Score: 4, Informative
  
  Nope. It's common practice in the PKI world to use an HSM which calculates the private key upon startup. The key is not stored anywhere. It's calculated when you start the HSM. It's a function with 7 intersection points with the X axis. Knowing any 4 of the 7 intersection points is enough to calculate the function parameter. That in turn is the actual private key.
  RAID has nothing to do with this. The HSMs operate under the presumption that the safest guard for the private key is not to have it at all, encrypted or not. You calculate it only when needed. If the HSM goes down you need a new key migration ceremony in a worst case scenario, and in the best case scenario, just the administrator and operator smart cards to unlock the security world.
  This is what is being done at any public CA installed in your browser and at any Publicly signed Enterprise CA.
  
  --
  UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever ones.
Not good by countertrolling · 2010-07-30 16:23 · Score: 5, Insightful

The internet is supposed to be able to repair itself. You know, route around damage and stuff? This all sounds as fragile as our transportation system when merely threatened with an explosive device, bringing it to a complete halt. Is our entire food supply this flimsy?

--
For justice, we must go to Don Corleone
1. Re:Not good by Barny · 2010-07-30 16:30 · Score: 3, Funny
  
  Think about it, if walmart lost their supply chain, probably 1/3 of Americans would die of malnutrition within a week, or gain 50kg from the take out consumed.
  To be honest, the "internet" would keep going, and does indeed route around damage, but the "web" would have the computer version of a stroke if you dropped the root DNS.
  
  --
  ...
  /me sighs
2. Re:Not good by nacturation · 2010-07-30 16:34 · Score: 5, Informative
  
  The internet is supposed to be able to repair itself. You know, route around damage and stuff?
  The internet will continue to work fine. This only impacts DNSSEC and the ability to rebuild based on the private key distributed on those smartcards. If all 7 get assassinated and their smart cards hacked to bits with no backups, we can still revert to plain old DNS.
  
  --
  Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
3. Re:Not good by rolfwind · 2010-07-30 16:38 · Score: 3, Funny
  
  Think about it, if walmart lost their supply chain, probably 1/3 of Americans would die of malnutrition within a week, or gain 50kg from the take out consumed.
  Walmart is nutritious AND less calories than take-out?! BTW, Americans don't gain kg, pounds or lbs, sure, but not kg.
seven? nine? three? by chub_mackerel · 2010-07-30 16:41 · Score: 5, Funny

Ritchie was recently chosen to hold one of seven smartcards that can rebuild the root key that underpins this system' called DNSSEC (Domain Name System Security Extensions).

I thought the dwarves got seven cards. And, the humans got nine... and the elves three. Or, am I mixing something up?
We don't live in the movies by Sycraft-fu · 2010-07-30 16:50 · Score: 4, Insightful

The world is not full of evil organizations who are thoroughly evil, yet well funded, that run around doing evil for its own sake. The likelihood of someone blowing up both facilities and kidnapping the people who hold the cards just to try and take down DNSSEC is pretty unlikely. I think this is more likely protection against hacking (which is much safer) or a gigantic mistake. Always good to ask the question "If everything fails, how are we going to rebuild it?" That's what this is.
Please remember that vast kidnapping conspiracies and so on require a lot of people acting in concert. That is hard to keep hidden. What's more in this case you'd be talking about something all over the world. You are also talking about something that would draw the wrath of the most powerful nations out there. The US (who holds the facilities), the UK, China, etc. It doesn't work like in James Bond where the baddies contact the government and they have to knuckle in unless a lone agent can bring them down. What happens is the governments send in hundreds of heavily armed, highly trained, soldiers that will kill or capture anyone who is involved, or perhaps just as likely simply destroys the building they are in with a well placed smart bomb from a bomber you cannot see.
The idea here seems to more be a final redundancy against a systems failure, but one where a single person can't go rogue and cause a problem.
So please, stop with the paranoid movie plots.
Seven, heh ? by zzyzyx · 2010-07-30 17:04 · Score: 5, Funny

One Card to rule them all, One Card to find them,
One Card to bring them all and in the darkness bind them
This, Jen, is the internet by dangitman · 2010-07-30 17:46 · Score: 4, Funny

Jen: What is it?
Moss: This, Jen, is the Internet.
Jen: What?
Moss: That's right.
Jen: This is the Internet?
[Moss is nodding his head]
Jen: (suspiciously) The whole Internet?
Moss: (agreeably) Yep. I asked for a loan of it, so that you could use it in your speech.
[Roy enters the room.]
Roy: (irritated) Hey! What is Jen doing with the Internet?
Jen: Moss said I could use it for my speech.
[Roy speaks to Moss in an edgy way.]
Roy: Are you insane? What if she drops it?
Jen: I won't drop it, I'll look after it.
Roy: No. No, no, no, no, Jen. [Takes the box back from Jen.] No, this needs to go straight back to Big Ben.
Jen: Big Ben?
Moss: Yep. It goes on top of Big Ben. That's where you get the best reception.
Jen: I promise I won't let anything happen to it.
Roy: No, Jen, I'm sorry. [Jen becomes woeful.] The elders of the Internet would never stand for it.

--
... and then they built the supercollider.
My first thought... by Anonymous Coward · 2010-07-30 17:56 · Score: 5, Funny

Earth! Fire! Wind! Water! Heart!
It'd be awesome if they yelled that out as they each scanned their cards.
1. Re:My first thought... by Dogers · 2010-07-30 22:15 · Score: 4, Funny
  
  com! net! org! tv! biz!
  Captain DNS and the Resolveteers!
  
  --
  I am a viral sig. Please copy me and help me spread. Thank you.
Seven to the Canadians in their Halls of Snow by Arancaytar · 2010-07-30 20:53 · Score: 4, Funny

(But in secret, another smart-card was made - one that could rule all the others...)
Re:You couldn't just find everyone? by rickb928 · 2010-07-31 03:01 · Score: 3, Informative

1) Yes, you could.
2) When you have a workable method for sending a postcard to every IP address, let me know. Mapping IP address to street address is a neat trick if you can pull it off. Just don't rely on WHOIS, for obvious reasons.

--
deleting the extra space after periods so i can stay relevant, yeah.