Seven People Hold the Keys to the Internet, Literally

July 29, 2010 -

In the event a cyber attack cripples the World Wide Web, seven members of a “chain of trust” have been given the responsibility of restarting the Internet, with each individual armed with a key.

The key holders include one member from each of the following countries: Britain, the U.S., Trinidad and Tobago, Canada, China, Burkina Faso and the Czech Republic.

According to PopSci.com
, five of the seven would need to gather at a U.S. base with their keys in order to restart the Internet.

PopSci further described the keys:

The keys are actually smartcards that each contain parts of the DNSSEC root key, which could be thought of as the master key to the whole scheme. But it is interesting to know that there is a group of individuals out there that hold actual, physical keys that would reboot the Internet as we know it.

A video on the CommunityDNS website shows the keys and provides more background information on how they function. CDNS CEO Paul Kane was appointed by ICANN as one of the seven individuals, dubbed Trusted Community Representatives (TCR).


Comments

Re: Seven People Hold the Keys to the Internet, Literally

I'm surprised China has a key, what with the Great Firewall and all

岩「hey Glenn Beck, I heard you oppose Net Neutrality, so we blocked your site.」

岩「…I can see why Hasselbeck's worried about fake guns killing fake people. afterall, she's a fake journalist on a fake news channel」

Re: Seven People Hold the Keys to the Internet, Literally

Albert, with the power of Online Gaming!

Howard, with the power of Embedded Videos!

John, with the power of Political Forum Flame-Wars!

Stacey, with the power of Rumors About Girls On The Internet!

Chris, with the power of the Chan Boards!

Jamal, with the power of YTMND!

And Ma-ti, with the Power of Heart!

By your powers combined, I am TED STEVENS.

Re: Seven People Hold the Keys to the Internet, Literally

This is too stupid to be fake.  

Pwnage of Empires

Re: Seven People Hold the Keys to the Internet, Literally

So...hypothetically...if kidnapped these men...took their keys... then shutdown the internet...

THE WORLD WOULD BE AT MY MERCY!!! I'll give back the internet for... 1 million dollars!!! MUHAHAHAHAHA! AHAHAHAHAH! ahahahhahaha! hahaha! eh.

 

 

"The difference between genius and stupidity is that genius has its limits." -Albert Einstein

"The difference between genius and stupidity is that genius has its limits." -Albert Einstein

Re: Seven People Hold the Keys to the Internet, Literally

'Britain, the U.S., Trinidad and Tobago, Canada, China, Burkina Faso and the Czech Republic.'

 

These are the countries that get the keys really?  1 is a communist dictatorship, and 3 are basically irrelevant.  This is stupid.

I mean, the idea itself is stupid, but still..

 

Re: Seven People Hold the Keys to the Internet, Literally

The countries are not receiving the key.  Specific people are receiving either access to the keys that unlock the key (TCO's) or key shares - parts of the key that can be used to reconstitute the key if it is lost.  The key itself is safely locked away.

Be careful what you call stupid.  Without DNSSEC signing the root delegations down to 'www.yourbank.com', you are highly vulnerable to attack.  In recent years, with the Kaminsky vulnerability for example, we have done our best to protect the operating DNS from incursion - using tricks and hacks to make incursion harder - but any solution short of DNSSEC is a temporary one.

Re: Seven People Hold the Keys to the Internet, Literally

I get that, but at least three of those people are from countries that have little to no worth that I'm aware of to the international community.

It'd be like giving the key to an African tribemsen; it makes no freaking sense.

Re: Seven People Hold the Keys to the Internet, Literally

Forgive me for saying, I do not think that you do get it.  Imagine if you knew an African tribesman who contributes code to open source projects on a regular basis, participates in IETF protocol documentation and definitions, and generally advances the state of the art in Internet services in his home country (making the Internet deployable and reachable by his countrymen so that they can be enriched by it)?  A man who has a long standing reputation as being honest and trustworthy?  Would it seem so strange that this individual is selected?

I can't imagine what three you are referring to.  TT and BF maybe (and I admit I don't know those two men, but I assume they are involved in advancing their respective country's abilities to connect), but what is your "at least 3" 3rd?  CZ has hosted one and is hosting another IETF this year, at a time when US megacorporations refuse to do so (due to suddenly losing their marketing budgets to recession), and Ondřej's contributions to the open source and DNS communities are manifold.  CN couldn't possibly make your list of "backwards countries" because they have by vast majority the most Internet users of any nation, and their contributions are manifold - CNNIC has been instrumental in this very work.

People are not caricatures of the countries they reside in.

Re: Seven People Hold the Keys to the Internet, Literally

But they were all of them, deceived, for another key was made...

 

Re: Seven People Hold the Keys to the Internet, Literally

Isn't that precious...  ;)

Re: Seven People Hold the Keys to the Internet, Literally

So you need 5 out of the 7 keymakers to be able to reload the Matrix?

Re: Seven People Hold the Keys to the Internet, Literally

I'm not saying this is true, but if it is they better have kept al lthose key holders anonymous. It wouldn't just be the obvious terror groups who would have an interest in gettign their hands on such an items.

Re: Seven People Hold the Keys to the Internet, Literally

No.  The process is needfully transparent, which means the TCO's and RKSH's are a matter of public record.

http://www.root-dnssec.org/tcr/selection-2010/

I am proud to say that I have worked with 7 of the people listed and they are admirable people you can put your faith in.

Re: Seven People Hold the Keys to the Internet, Literally

Either I've become completely out of touch with how the Internet actually works, or this sounds like a heaping pile of crap.  "Reboot the Internet?"  Isn't the web just a series of millions of individual servers, each acting independantly to swap data packets over established telecommunication networks, from literally every region of the world?  How could you possibly "reboot" that, how does that even make sense?  Are they saying they have backup copy of the entire contents of every server in the world, and they can just turn a key to redownload it all everywhere at once?????

 

EDIT:  Ugh, I really need to click on the links provided before responding to an article.  Nevvermind all the above.  I'll just leave it up there to remind myself of my own idiocy.  :p

Re: Seven People Hold the Keys to the Internet, Literally

 It is a rather melodramatic way of describing it....

It is also a rather strange image since the whole point of the original design for the internet (i.e. from its ARPANET days) was that it could survive attacks on pieces of it (i.e. nukes) and still keep the remaining pieces connected and able to communicate with each other.

Which the modern internet is still quite capable of doing.....

Re: Seven People Hold the Keys to the Internet, Literally

I have since thought about the whole "kill switch" thing, and now I'm even more confused.  The kill switch basically is just a dramatic way of saying that they turn off the telecommunication networks so a critical cyber attack cannot spread anymore.  Why would you need to give 7 different people from around the world the responsibility of turning it back on?  Why couldn't the people who turned them off in the first place just do it themselves?  Is there some security risk I'm missing here, where we can't trust the people in charge to do it?  If so, why do we trust them to turn it off in the first place?  Also, the kill switch only applies to the US, since the President would really only have the authority to tell telecommunication companies based in this country to switch off, nowhere else.  So why give the "keys" to people all around the world?  And then they all have to gather back here in the US to use them?  What is the point of all that?

Not to mention, how the government plans to function during a crisis, with all communications offline.  You can't "just" turn off the internet, as long as phone and tv cable lines are still working, packets of data can still be passed.  So you have to turn the whole damn thing off, leaving everyone completely isolated.  Unless they plan on running everything with shortrange radios.  I don't know, this all seems incredibly stupid and not thought out....

Re: Seven People Hold the Keys to the Internet, Literally

The "kill switch" is unrelated to DNSSEC or the need to recover DNSSEC KSK's (Key-Signing-Key).  The recent executive powers discussions to disable networks is an access issue, whereas the DNS root zone (and thus the mechanics of signing and trusting the signatures of the root zone) is a service you would want to access.

The root DNS zone (that delgates to .com, .net, and the various CC-TLD's) is now signed with DNSSEC.  This has been a twenty year program to secure the DNS from spoofing or brute force transaction-ID insertion attacks (a la Kaminsky).  The problem posed by cryptography is where you anchor your trust.  What sort of cryptography and what key do you trust, and who has access to it?  The problem posed is that it is not enough for a key to exist - if that key can be subverted, then you don't actually have something you can trust effectively.  If the key can be destroyed, then you don't have a reliable system you can put your faith in to operate without significant flaw.

So you have to lock away the private key in a safe place.  But for the community to have trust in that key, you have to have a compelling story about why that private key can't be subverted by e.g. one person acting alone.

So you have ICANN's key policy, which involves people they call "TCO's" to govern access to the KSK for ZSK purposes, enabling ICANN to extract the key from the safe for a signing event before putting it away.  And RKSH's should the hardware the KSK is stored on should fail, or succumb to natural disaster - for recovery of the private key.

TCO is 'Trusted Cypto Officer'.  Several times a year, the KSK (Key Signing Key) of the root zone needs to be unencrypted so that it can sign new ZSK's (Zone Signing Key).  TCO's each hold a part of the key to perform this operation, from memory I believe only 3 of 7 of one set of TCO's is required to perform this operation.  There are two sets of 7 TCO's, 14 total, each 7 corresponding to one of the two key safe facilities on the East and West coast.

RKSH is Recovery Key Share Holder.  There are only 7 of these, global to both facilities.  Each RKSH carries a portion of the KSK, and if I remember from Joe Abley's presentation correctly only 5 of 7 are required to reassemble the key should it be lost.  Note that this just recovers the original KSK private key.  It does not solve the problem of incursion.  If someone cracks the key, what you need is a new key.  Recovering a copy of the old key does not help.

This is where people get confused.  It is not tacitly required that the 7 RKSH's must assemble in one of the two key safes to recover the key.  They could theoretically assemble anywhere.  In practical terms, because ICANN is under contract to the US Department of Commerce, I would expect that the RKSH's would assemble in a new US key safe facility if both of the old US facilities had succumbed to some natural disaster or destruction.

Note finally that the RKSH's would not be needed until or unless the ZSK's expire.  The loss of the key safe facilities does not "break the Internet."  It just disables ICANN's ability to "key roll", or produce new ZSK's signed by the KSK.  The old ZSK's will continue to function just fine for as long as the keys are valid (I haven't looked, but it is anywhere from several months to several years).

Re: Seven People Hold the Keys to the Internet, Literally

why do they have to meet in the US? why not any of the other countries?.

can the "hero" assemble 5 of the 7 keys and weild the master key once more in time to save the internet and rescue the princess. The legend of Zelda: KEYS OF THE INTERNET.

Re: Seven People Hold the Keys to the Internet, Literally

At the IETF 78 meeting in Maastricht (where I am sitting right now), at the first DNSOP meeting, Joe Abley and another man I can't remmeber his name offhand presented a nicely detailed explanation of how the key systems work and the reasons for the precautions to recover the keys in the event of catastrophe.

There are two key safes in the US, one on each coast, and you have to understand that ICANN and Verisign operate the root DNS zone under contract - to the US Department of Commerce.

So brining us back to your question:  The reason it had to be a facility in the U.S. is because that is a requirement stipulated by the US Department of Commerce.

Re: Seven People Hold the Keys to the Internet, Literally

Or, the UN?

Or, hey!  FREE RIDE TO THE INTERNATIONAL SPACE STATION!  Woo hoo!  :D

Nightwng2000

NW2K Software

http://www.facebook.com/nightwing2000

Nightwng2000 is now admin to the group "Parents For Education, Not Legislation" on MySpace as http://groups.myspace.com/pfenl

Nightwng2000 NW2K Software http://www.facebook.com/nightwing2000 Nightwng2000 is now admin to the group "Parents For Education, Not Legislation" on MySpace as http://groups.myspace.com/pfenl

Re: Seven People Hold the Keys to the Internet, Literally

Isn't the UN in New York?

Re: Seven People Hold the Keys to the Internet, Literally

But how will they book their flights to the US if all the online booking sites are down?

Re: Seven People Hold the Keys to the Internet, Literally

I preferred The Telegraph's take on the story, which included this video: http://www.youtube.com/watch?v=D-0WpVukLGQ

/b 

Re: Seven People Hold the Keys to the Internet, Literally

This so needs to be a quest in the next FallOut game.

Re: Seven People Hold the Keys to the Internet, Literally

Since a good chunk of each game is a quest to give humanity a small stepping stone to get bakc on their feet, yes, yes it does. I do wonder if in New Vegas there will be any implications i nthe Mojave from Project Purity n the Capital Wastes

Re: Seven People Hold the Keys to the Internet, Literally

There may be references to it, but I doubt it. The whole point of New Vegas is for most of the original designers to do a true FallOut sequel.

Venturing across the wasteland to find the keys would be like in the "You gotta shoot 'em in the head" quest in FO 3 (Where you have to steal \ find keys for the fort for Mr Crowley), but there could be a twist where the quest giver just wants access to porn. :D

Re: Seven People Hold the Keys to the Internet, Literally

And if everything else fails, they will have to send link...

 

Seriously? Why seven people around the world? Sounds like the argument of a nerd movie.

------------------------------------------------------------ My DeviantArt Page (aka DeviantCensorship): http://www.darkknightstrikes.deviantart.com

 
Forgot your password?
Username :
Password :

Shout box

You're not permitted to post shouts.
MaskedPixelanteOK, so my brief research looking at GameFAQs forums (protip, don't do that. GF forums are like 4chan without the slurs), the 3DS doesn't have the power to run anything more powerful than the NES/GBC/GG AND run the 3DS system in the background.07/28/2014 - 11:01am
ZenMatthew, the 3DS already has GBA games in the form of the ambassador tittles. And I an just as curious about them not releasing them on there like they did the NES ones. I do like them on the Wii U as well, but seems weird. And where are the N64 games?07/28/2014 - 10:40am
james_fudgeNo. They already cut the price. Unless they release a new version that has a higher price point.07/28/2014 - 10:19am
E. Zachary KnightMatthew, It most likely is. The question is whether Nintendo wants to do it.07/28/2014 - 10:12am
Matthew WilsonI am sure the 3ds im more then powerful enough to emulate a GBA game.07/28/2014 - 9:54am
Sleaker@IanC - while the processor is effectively the same or very similar, the issue is how they setup the peripheral hardware. It would probably require creating some kind of emulation for the 3DS to handle interfacing with the audio and input methods for GBA07/28/2014 - 9:30am
Sleaker@EZK - hmmm, that makes sense. I could have sworn I had played GB/GBC games on it too though (emud of course)07/28/2014 - 9:23am
E. Zachary KnightSleaker, the DS has a built in GBA chipset in the system. That is why it played GBA games. The GBA had a seperate chipset for GB and GBColor games. The DS did not have that GB/GBC chipset and that is why the DS could not play GB and GBC games.07/28/2014 - 7:25am
IanCI dont think Nintendo ever gave reason why GBA games a reason why GBA games aren't on the 3DS eshop. The 3DS uses chips that are backwards compatable with the GBA ob GBA processor, after all.07/28/2014 - 6:46am
Sleakerhmmm that's odd I could play GBA games natively in my original DS.07/28/2014 - 1:39am
Matthew Wilsonbasically "we do not want to put these games on a system more then 10 people own" just joking07/27/2014 - 8:13pm
MaskedPixelanteSomething, something, the 3DS can't properly emulate GBA games and it was a massive struggle to get the ambassador games running properly.07/27/2014 - 8:06pm
Andrew EisenIdeally, you'd be able to play such games on either platform but until that time, I think Nintendo's using the exclusivity in an attempt to further drive Wii U sales.07/27/2014 - 7:21pm
Matthew WilsonI am kind of surprised games like battle network are not out on the 3ds.07/27/2014 - 7:01pm
Andrew EisenWell, Mega Man 1 - 4, X and X2 are already on there and the first Battle Network is due out July 31st.07/27/2014 - 6:16pm
MaskedPixelanteDid Capcom ever give us a timeline for when they planned on putting the Megaman stuff on Wii U?07/27/2014 - 2:23pm
MaskedPixelanteIf by "distance themselves from Google Plus" you mean "forcing Google Plus integration in everything", then yes, they are distancing themselves from Google Plus.07/26/2014 - 12:20pm
MechaTama31I wish they would distance G+ from the Play Store, so I could leave reviews and comments again.07/26/2014 - 11:03am
Matthew Wilson@pm I doubt it. Google seems to be distancing themselves from G+07/25/2014 - 9:31pm
Papa MidnightGoogle+ Integration is coming to Twitch!07/25/2014 - 8:41pm
 

Be Heard - Contact Your Politician