Seven People Hold the Keys to the Internet, Literally

July 29, 2010 -

In the event a cyber attack cripples the World Wide Web, seven members of a “chain of trust” have been given the responsibility of restarting the Internet, with each individual armed with a key.

The key holders include one member from each of the following countries: Britain, the U.S., Trinidad and Tobago, Canada, China, Burkina Faso and the Czech Republic.

According to PopSci.com
, five of the seven would need to gather at a U.S. base with their keys in order to restart the Internet.

PopSci further described the keys:

The keys are actually smartcards that each contain parts of the DNSSEC root key, which could be thought of as the master key to the whole scheme. But it is interesting to know that there is a group of individuals out there that hold actual, physical keys that would reboot the Internet as we know it.

A video on the CommunityDNS website shows the keys and provides more background information on how they function. CDNS CEO Paul Kane was appointed by ICANN as one of the seven individuals, dubbed Trusted Community Representatives (TCR).


Comments

Re: Seven People Hold the Keys to the Internet, Literally

I'm surprised China has a key, what with the Great Firewall and all

岩「hey Glenn Beck, I heard you oppose Net Neutrality, so we blocked your site.」

岩「…I can see why Hasselbeck's worried about fake guns killing fake people. afterall, she's a fake journalist on a fake news channel」

Re: Seven People Hold the Keys to the Internet, Literally

Albert, with the power of Online Gaming!

Howard, with the power of Embedded Videos!

John, with the power of Political Forum Flame-Wars!

Stacey, with the power of Rumors About Girls On The Internet!

Chris, with the power of the Chan Boards!

Jamal, with the power of YTMND!

And Ma-ti, with the Power of Heart!

By your powers combined, I am TED STEVENS.

Re: Seven People Hold the Keys to the Internet, Literally

This is too stupid to be fake.  

Pwnage of Empires

Re: Seven People Hold the Keys to the Internet, Literally

So...hypothetically...if kidnapped these men...took their keys... then shutdown the internet...

THE WORLD WOULD BE AT MY MERCY!!! I'll give back the internet for... 1 million dollars!!! MUHAHAHAHAHA! AHAHAHAHAH! ahahahhahaha! hahaha! eh.

 

 

"The difference between genius and stupidity is that genius has its limits." -Albert Einstein

"The difference between genius and stupidity is that genius has its limits." -Albert Einstein

Re: Seven People Hold the Keys to the Internet, Literally

'Britain, the U.S., Trinidad and Tobago, Canada, China, Burkina Faso and the Czech Republic.'

 

These are the countries that get the keys really?  1 is a communist dictatorship, and 3 are basically irrelevant.  This is stupid.

I mean, the idea itself is stupid, but still..

 

Re: Seven People Hold the Keys to the Internet, Literally

The countries are not receiving the key.  Specific people are receiving either access to the keys that unlock the key (TCO's) or key shares - parts of the key that can be used to reconstitute the key if it is lost.  The key itself is safely locked away.

Be careful what you call stupid.  Without DNSSEC signing the root delegations down to 'www.yourbank.com', you are highly vulnerable to attack.  In recent years, with the Kaminsky vulnerability for example, we have done our best to protect the operating DNS from incursion - using tricks and hacks to make incursion harder - but any solution short of DNSSEC is a temporary one.

Re: Seven People Hold the Keys to the Internet, Literally

I get that, but at least three of those people are from countries that have little to no worth that I'm aware of to the international community.

It'd be like giving the key to an African tribemsen; it makes no freaking sense.

Re: Seven People Hold the Keys to the Internet, Literally

Forgive me for saying, I do not think that you do get it.  Imagine if you knew an African tribesman who contributes code to open source projects on a regular basis, participates in IETF protocol documentation and definitions, and generally advances the state of the art in Internet services in his home country (making the Internet deployable and reachable by his countrymen so that they can be enriched by it)?  A man who has a long standing reputation as being honest and trustworthy?  Would it seem so strange that this individual is selected?

I can't imagine what three you are referring to.  TT and BF maybe (and I admit I don't know those two men, but I assume they are involved in advancing their respective country's abilities to connect), but what is your "at least 3" 3rd?  CZ has hosted one and is hosting another IETF this year, at a time when US megacorporations refuse to do so (due to suddenly losing their marketing budgets to recession), and Ondřej's contributions to the open source and DNS communities are manifold.  CN couldn't possibly make your list of "backwards countries" because they have by vast majority the most Internet users of any nation, and their contributions are manifold - CNNIC has been instrumental in this very work.

People are not caricatures of the countries they reside in.

Re: Seven People Hold the Keys to the Internet, Literally

But they were all of them, deceived, for another key was made...

 

Re: Seven People Hold the Keys to the Internet, Literally

Isn't that precious...  ;)

Re: Seven People Hold the Keys to the Internet, Literally

So you need 5 out of the 7 keymakers to be able to reload the Matrix?

Re: Seven People Hold the Keys to the Internet, Literally

I'm not saying this is true, but if it is they better have kept al lthose key holders anonymous. It wouldn't just be the obvious terror groups who would have an interest in gettign their hands on such an items.

Re: Seven People Hold the Keys to the Internet, Literally

No.  The process is needfully transparent, which means the TCO's and RKSH's are a matter of public record.

http://www.root-dnssec.org/tcr/selection-2010/

I am proud to say that I have worked with 7 of the people listed and they are admirable people you can put your faith in.

Re: Seven People Hold the Keys to the Internet, Literally

Either I've become completely out of touch with how the Internet actually works, or this sounds like a heaping pile of crap.  "Reboot the Internet?"  Isn't the web just a series of millions of individual servers, each acting independantly to swap data packets over established telecommunication networks, from literally every region of the world?  How could you possibly "reboot" that, how does that even make sense?  Are they saying they have backup copy of the entire contents of every server in the world, and they can just turn a key to redownload it all everywhere at once?????

 

EDIT:  Ugh, I really need to click on the links provided before responding to an article.  Nevvermind all the above.  I'll just leave it up there to remind myself of my own idiocy.  :p

Re: Seven People Hold the Keys to the Internet, Literally

 It is a rather melodramatic way of describing it....

It is also a rather strange image since the whole point of the original design for the internet (i.e. from its ARPANET days) was that it could survive attacks on pieces of it (i.e. nukes) and still keep the remaining pieces connected and able to communicate with each other.

Which the modern internet is still quite capable of doing.....

Re: Seven People Hold the Keys to the Internet, Literally

I have since thought about the whole "kill switch" thing, and now I'm even more confused.  The kill switch basically is just a dramatic way of saying that they turn off the telecommunication networks so a critical cyber attack cannot spread anymore.  Why would you need to give 7 different people from around the world the responsibility of turning it back on?  Why couldn't the people who turned them off in the first place just do it themselves?  Is there some security risk I'm missing here, where we can't trust the people in charge to do it?  If so, why do we trust them to turn it off in the first place?  Also, the kill switch only applies to the US, since the President would really only have the authority to tell telecommunication companies based in this country to switch off, nowhere else.  So why give the "keys" to people all around the world?  And then they all have to gather back here in the US to use them?  What is the point of all that?

Not to mention, how the government plans to function during a crisis, with all communications offline.  You can't "just" turn off the internet, as long as phone and tv cable lines are still working, packets of data can still be passed.  So you have to turn the whole damn thing off, leaving everyone completely isolated.  Unless they plan on running everything with shortrange radios.  I don't know, this all seems incredibly stupid and not thought out....

Re: Seven People Hold the Keys to the Internet, Literally

The "kill switch" is unrelated to DNSSEC or the need to recover DNSSEC KSK's (Key-Signing-Key).  The recent executive powers discussions to disable networks is an access issue, whereas the DNS root zone (and thus the mechanics of signing and trusting the signatures of the root zone) is a service you would want to access.

The root DNS zone (that delgates to .com, .net, and the various CC-TLD's) is now signed with DNSSEC.  This has been a twenty year program to secure the DNS from spoofing or brute force transaction-ID insertion attacks (a la Kaminsky).  The problem posed by cryptography is where you anchor your trust.  What sort of cryptography and what key do you trust, and who has access to it?  The problem posed is that it is not enough for a key to exist - if that key can be subverted, then you don't actually have something you can trust effectively.  If the key can be destroyed, then you don't have a reliable system you can put your faith in to operate without significant flaw.

So you have to lock away the private key in a safe place.  But for the community to have trust in that key, you have to have a compelling story about why that private key can't be subverted by e.g. one person acting alone.

So you have ICANN's key policy, which involves people they call "TCO's" to govern access to the KSK for ZSK purposes, enabling ICANN to extract the key from the safe for a signing event before putting it away.  And RKSH's should the hardware the KSK is stored on should fail, or succumb to natural disaster - for recovery of the private key.

TCO is 'Trusted Cypto Officer'.  Several times a year, the KSK (Key Signing Key) of the root zone needs to be unencrypted so that it can sign new ZSK's (Zone Signing Key).  TCO's each hold a part of the key to perform this operation, from memory I believe only 3 of 7 of one set of TCO's is required to perform this operation.  There are two sets of 7 TCO's, 14 total, each 7 corresponding to one of the two key safe facilities on the East and West coast.

RKSH is Recovery Key Share Holder.  There are only 7 of these, global to both facilities.  Each RKSH carries a portion of the KSK, and if I remember from Joe Abley's presentation correctly only 5 of 7 are required to reassemble the key should it be lost.  Note that this just recovers the original KSK private key.  It does not solve the problem of incursion.  If someone cracks the key, what you need is a new key.  Recovering a copy of the old key does not help.

This is where people get confused.  It is not tacitly required that the 7 RKSH's must assemble in one of the two key safes to recover the key.  They could theoretically assemble anywhere.  In practical terms, because ICANN is under contract to the US Department of Commerce, I would expect that the RKSH's would assemble in a new US key safe facility if both of the old US facilities had succumbed to some natural disaster or destruction.

Note finally that the RKSH's would not be needed until or unless the ZSK's expire.  The loss of the key safe facilities does not "break the Internet."  It just disables ICANN's ability to "key roll", or produce new ZSK's signed by the KSK.  The old ZSK's will continue to function just fine for as long as the keys are valid (I haven't looked, but it is anywhere from several months to several years).

Re: Seven People Hold the Keys to the Internet, Literally

why do they have to meet in the US? why not any of the other countries?.

can the "hero" assemble 5 of the 7 keys and weild the master key once more in time to save the internet and rescue the princess. The legend of Zelda: KEYS OF THE INTERNET.

Re: Seven People Hold the Keys to the Internet, Literally

At the IETF 78 meeting in Maastricht (where I am sitting right now), at the first DNSOP meeting, Joe Abley and another man I can't remmeber his name offhand presented a nicely detailed explanation of how the key systems work and the reasons for the precautions to recover the keys in the event of catastrophe.

There are two key safes in the US, one on each coast, and you have to understand that ICANN and Verisign operate the root DNS zone under contract - to the US Department of Commerce.

So brining us back to your question:  The reason it had to be a facility in the U.S. is because that is a requirement stipulated by the US Department of Commerce.

Re: Seven People Hold the Keys to the Internet, Literally

Or, the UN?

Or, hey!  FREE RIDE TO THE INTERNATIONAL SPACE STATION!  Woo hoo!  :D

Nightwng2000

NW2K Software

http://www.facebook.com/nightwing2000

Nightwng2000 is now admin to the group "Parents For Education, Not Legislation" on MySpace as http://groups.myspace.com/pfenl

Nightwng2000 NW2K Software http://www.facebook.com/nightwing2000 Nightwng2000 is now admin to the group "Parents For Education, Not Legislation" on MySpace as http://groups.myspace.com/pfenl

Re: Seven People Hold the Keys to the Internet, Literally

Isn't the UN in New York?

Re: Seven People Hold the Keys to the Internet, Literally

But how will they book their flights to the US if all the online booking sites are down?

Re: Seven People Hold the Keys to the Internet, Literally

I preferred The Telegraph's take on the story, which included this video: http://www.youtube.com/watch?v=D-0WpVukLGQ

/b 

Re: Seven People Hold the Keys to the Internet, Literally

This so needs to be a quest in the next FallOut game.

Re: Seven People Hold the Keys to the Internet, Literally

Since a good chunk of each game is a quest to give humanity a small stepping stone to get bakc on their feet, yes, yes it does. I do wonder if in New Vegas there will be any implications i nthe Mojave from Project Purity n the Capital Wastes

Re: Seven People Hold the Keys to the Internet, Literally

There may be references to it, but I doubt it. The whole point of New Vegas is for most of the original designers to do a true FallOut sequel.

Venturing across the wasteland to find the keys would be like in the "You gotta shoot 'em in the head" quest in FO 3 (Where you have to steal \ find keys for the fort for Mr Crowley), but there could be a twist where the quest giver just wants access to porn. :D

Re: Seven People Hold the Keys to the Internet, Literally

And if everything else fails, they will have to send link...

 

Seriously? Why seven people around the world? Sounds like the argument of a nerd movie.

------------------------------------------------------------ My DeviantArt Page (aka DeviantCensorship): http://www.darkknightstrikes.deviantart.com

 
Forgot your password?
Username :
Password :

Poll

Did Microsoft pay too much ($2.5 billion) for Minecraft developer Mojang?:

Shout box

You're not permitted to post shouts.
TechnogeekMy third "dart" wound up hitting a Chinese website for soccer scores, and the fourth hit Pokemon.com. Not one of those had anything to do with white guys getting harassed because they're white guys.09/19/2014 - 8:56pm
TechnogeekFor the record, I actually tried "throwing a dart at the Internet", or at least approximating it as best I could by zooming in at random spots on internet-map.net. First hit was a perfume seller, and then some sort of insurance spammer.09/19/2014 - 8:56pm
Technogeek"While you could throw a dart at the internet and find a site where Gamers in General are being harassed, doxxed, hacked, just because they are being perceived as white males." http://www.youtube.com/watch?v=FopyRHHlt3M09/19/2014 - 8:47pm
Andrew EisenSarkeesian and Quinn continue to get harassed and attacked (with the majority of said harassment and attacks being about their gender) and so, the story stays in the headlines. If Wolfe gets swatted again, it will be in the news again.09/19/2014 - 6:56pm
Andrew EisenYou mean Wesley Wolfe? The swatting appeared to be over his DMCA takedown, not due to his color or gender.09/19/2014 - 6:53pm
ConsterSo Sleaker, what's the sand like?09/19/2014 - 6:53pm
quiknkold@CraigR. Spreading Misandry is not going to kill Misogyny. Its just going to fuel it. half the people supporting that arguement are mysoginists themselves. They just dont know it.09/19/2014 - 6:51pm
Sleaker@CraigR - there's nothing to get over. There's no issue here until someone does an actual study on harassment rates.09/19/2014 - 6:48pm
quiknkoldWe never said Gamers were the only victims. Yes, Anita and Zoe got a bad rap. Yes, Zoe's ex was way out of line. Do I disagree with them? Depends on the arguement. Did they deserve what happened to them? Hell Effing No.09/19/2014 - 6:48pm
Sleakerbut news outlets have a tendency to blow up and sensationalize it if the person can be desrcibed as a minority, maybe because it gets the hits. How long were the 2 recent swattings in the news for? 1 was a white male developer....09/19/2014 - 6:47pm
Craig R.Get over it.09/19/2014 - 6:46pm
Craig R.Gamers are just lucky that their behavior wasn't brought to attention of everybody else sooner, and gamers are pissy about that09/19/2014 - 6:46pm
SleakerIn fact, just because a few female developers every year get harassed doesn't make it systematic. As a whole developers are harassed by people.. Swatted, etc.09/19/2014 - 6:46pm
Craig R.And if you don't think misogyny and sexism is widespread, then you're living with your head buried in the sand09/19/2014 - 6:45pm
Craig R.Apparently it's the gamers who are the only victims from GamerGate09/19/2014 - 6:44pm
Sleaker@AE - 1 person getting harassed is a problem. But just because 1 person gets harassed for being a female developer doesn't mean it's a systematic problem or indicative of a whole demographic.09/19/2014 - 6:44pm
Andrew EisenI don't believe anyone said or even remotely implied that harassing anyone was okay.09/19/2014 - 6:41pm
quiknkoldGeneral are being harassed, doxxed, hacked, just because they are being perceived as white males. And what about the White Males who are victims. Its ok to harass them? Anita Sarkeesian gets a bomb threat yeah, but what about the others.09/19/2014 - 6:36pm
quiknkoldwhat about all the gamers who are being harrassed, Andrew. Why does it have to be just about the women in the industry. We have 2 women, and only a handful of accounts recorded. While you could throw a dart at the internet and find a site where Gamers in09/19/2014 - 6:35pm
Andrew EisenOkay, you're talking specifically about harassment of women in the industry. So... how many (or what percentage of) women have to be harassed before you'd consider it a problem?09/19/2014 - 6:27pm
 

Be Heard - Contact Your Politician