The Canadian Who Holds the Key To the Internet
drbutts writes "The Toronto Star has an interesting story on how they are securing DNS: 'It's housed in two high-security facilities separated by the North American landmass. The one authenticated map of the Internet. Were it to be lost — either through a catastrophic physical or cyber attack — it could be recreated by seven individuals spread around the globe. One of them is Ottawa's Norm Ritchie. Ritchie was recently chosen to hold one of seven smartcards that can rebuild the root key that underpins this system' called DNSSEC (Domain Name System Security Extensions). In essence, these seven can rebuild the architecture that allows users to know for certain where they are and where they are going when navigating the Web."
Re:Really two different halves (Score:5, Informative)
Looks like you're right; they appear to be using an implementation of Shamir's Secret Sharing [wikipedia.org]
Re:Really two different halves (Score:2, Informative)
Re:Really two different halves (Score:3, Informative)
There's no need to split it up so simply. There are ways of splitting up a dataset in 7 such that any 4 can reconstitute it without allowing any handpicked 3 to be able to do so.
As an example, requiring two of three could be accomplished by splitting the key and a random number into thirds. Each party would get 1/3 of the key, 1/3 of the random number and 1/3 of the XOR of the two. Then any two can determine the whole key (assuming they knew which one of their thirds each section was, of course). It's generalizable to 4 of 7.
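The 2-of-3 XOR construction sketched in the comment above, worked through as an added example (this is not code from the post or from ICANN's ceremony tooling). It assumes the pieces are dealt with a rotation, so that party i holds key third i, random third (i+1) mod 3 and XOR third (i+2) mod 3; without that rotation two parties cannot always obtain the random/XOR pieces for the third they are missing. The sample key is a constructed 24-byte string.

```python
import secrets


def split_thirds(data: bytes) -> list:
    """Cut a byte string into three equal pieces (length must be divisible by 3)."""
    n = len(data) // 3
    return [data[0:n], data[n:2 * n], data[2 * n:3 * n]]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def deal_2_of_3(key: bytes) -> list:
    """Deal the key as the comment describes (assumed rotation, see lead-in).

    K = key thirds, R = thirds of a fresh random string, X = thirds of key XOR random.
    Party i receives (K[i], R[(i+1) % 3], X[(i+2) % 3]), each tagged with its index.
    """
    if len(key) % 3 != 0:
        raise ValueError("key length must be divisible by 3")
    r = secrets.token_bytes(len(key))
    x = xor_bytes(key, r)
    K, R, X = split_thirds(key), split_thirds(r), split_thirds(x)
    shares = []
    for i in range(3):
        shares.append({
            "key": (i, K[i]),
            "rand": ((i + 1) % 3, R[(i + 1) % 3]),
            "xor": ((i + 2) % 3, X[(i + 2) % 3]),
        })
    return shares


def reconstruct_2_of_3(share_a: dict, share_b: dict) -> bytes:
    """Rebuild the key from any two shares: the missing key third is R[m] XOR X[m],
    and the rotation guarantees that the two holders jointly have both of those pieces."""
    pieces, rand, xor = {}, {}, {}
    for s in (share_a, share_b):
        pieces[s["key"][0]] = s["key"][1]
        rand[s["rand"][0]] = s["rand"][1]
        xor[s["xor"][0]] = s["xor"][1]
    (missing,) = {0, 1, 2} - set(pieces)
    pieces[missing] = xor_bytes(rand[missing], xor[missing])
    return pieces[0] + pieces[1] + pieces[2]


def known_to_single_holder(share: dict) -> tuple:
    """What one holder learns outright: the index and value of one third of the key, in the clear.
    This is the weakness of the ad hoc scheme compared with a proper threshold scheme such as
    Shamir's, where a single share reveals nothing about the secret."""
    return share["key"]


if __name__ == "__main__":
    KEY = b"root-key-sample-for-demo"  # constructed sample, 24 bytes
    shares = deal_2_of_3(KEY)
    print(reconstruct_2_of_3(shares[0], shares[2]) == KEY)
    print(known_to_single_holder(shares[1]))
```

Every pair of holders recovers the key, but each holder alone already knows a third of it, which is why the comment's "it's generalizable" step is normally done with a polynomial-based scheme rather than by piecing together XORs.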
Re:Not good (Score:5, Informative)
The internet is supposed to be able to repair itself. You know, route around damage and stuff?
The internet will continue to work fine. This only impacts DNSSEC and the ability to rebuild based on the private key distributed on those smartcards. If all 7 get assassinated and their smart cards hacked to bits with no backups, we can still revert to plain old DNS.
Re:I don't care if you are from Iran (Score:2, Informative)
Re:Really two different halves (Score:5, Informative)
Nope. It's common practice in the PKI world to use an HSM which calculates the private key upon startup. The key is not stored anywhere. It's calculated when you start the HSM. It's a function with 7 intersection points with the X axis. Knowing any 4 of the 7 intersection points is enough to calculate the function parameter. That in turn is the actual private key.
RAID has nothing to do with this. The HSMs operate under the presumption that the safest guard for the private key is not to have it at all, encrypted or not. You calculate it only when needed. If the HSM goes down you need a new key migration ceremony in a worst case scenario, and in the best case scenario, just the administrator and operator smart cards to unlock the security world.
This is what is being done at any public CA installed in your browser and at any Publicly signed Enterprise CA.
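Shamir's Secret Sharing, which the thread identifies as the scheme behind the 4-of-7 smartcards and which the comment above describes as the HSM recomputing the key from any four shares, worked through as an added example. This is not ICANN's or any HSM vendor's code; it uses a prime field (the Mersenne prime 2^127 - 1, an assumption chosen for simplicity), treats the secret as an integer below that prime, and shows both that any 4 of 7 shares reconstruct it and that 3 do not.

```python
import secrets
from itertools import combinations

# Field modulus (assumption: any prime larger than the secret works).
PRIME = (1 << 127) - 1


def _eval_poly(coeffs: list, x: int) -> int:
    """Horner evaluation of a polynomial (coefficients lowest degree first) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def make_shares(secret: int, threshold: int, num_shares: int) -> list:
    """Split: the secret is the constant term of a random polynomial of degree threshold-1;
    share i is the point (i, f(i)) for i = 1..num_shares."""
    if not (0 <= secret < PRIME and 1 < threshold <= num_shares):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, num_shares + 1)]


def recover_secret(shares: list) -> int:
    """Lagrange interpolation at x = 0: with t points this returns f(0) exactly;
    with fewer points it returns an unrelated field element."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        # Modular inverse via Fermat's little theorem (PRIME is prime).
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def every_quorum_recovers(secret: int, shares: list, threshold: int) -> bool:
    """True if every subset of `threshold` shares yields the secret (35 subsets for 4 of 7)."""
    return all(recover_secret(list(q)) == secret for q in combinations(shares, threshold))


def any_subquorum_recovers(secret: int, shares: list, threshold: int) -> bool:
    """True if some subset of threshold-1 shares happens to yield the secret. With t-1 points the
    constant term is uniformly undetermined, so this is False except with probability ~35/PRIME."""
    return any(recover_secret(list(q)) == secret for q in combinations(shares, threshold - 1))


if __name__ == "__main__":
    # Constructed sample secret standing in for a key; real keys would be encoded as an integer.
    secret = int.from_bytes(b"sample-root-key", "big")
    shares = make_shares(secret, threshold=4, num_shares=7)
    print("any 4 of 7 recover:", every_quorum_recovers(secret, shares, 4))
    print("some 3 of 7 recover:", any_subquorum_recovers(secret, shares, 4))
```

The point the comment makes about not storing the key applies here: the polynomial's coefficients are discarded after dealing, and the secret only exists again, transiently, inside whatever reconstructs it from a quorum of shares.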
A British key-holder giving an interview (Score:3, Informative)
Re:You might want to look up Dan Kaminsky (Score:3, Informative)
Dan Kaminsky got a key,
Paul Kane [cdns.net] got one,
the others, well geographically distributed [geekosystem.com], make the international rescue team complete.
Re:You couldn't just find everyone? (Score:4, Informative)
1) Yes, you could [isi.edu].
2) When you have a workable method for sending a postcard to every IP address, let me know. Mapping IP address to street address is a neat trick if you can pull it off. Just don't rely on WHOIS, for obvious reasons.