The Canadian Who Holds the Key To the Internet 199
drbutts writes "The Toronto Star has an interesting story on how they are securing DNS: 'It's housed in two high-security facilities separated by the North American landmass. The one authenticated map of the Internet. Were it to be lost — either through a catastrophic physical or cyber attack — it could be recreated by seven individuals spread around the globe. One of them is Ottawa's Norm Ritchie. Ritchie was recently chosen to hold one of seven smartcards that can rebuild the root key that underpins this system' called DNSSEC (Domain Name System Security Extensions). In essence, these seven can rebuild the architecture that allows users to know for certain where they are and where they are going when navigating the Web."
Really two different halves (Score:3, Interesting)
The story I read said that any four of these seven must get together at one of these bases. That seems to indicate that each one has half of the key. Two of them, if they were the right two, could do it. But having four out of seven guarantees that you have at least one copy of both halves.
Re:Really two different halves (Score:5, Informative)
Re:Really two different halves (Score:5, Informative)
Looks like you're right; they appear to be using an implementation of Shamir's Secret Sharing [wikipedia.org]
Re: (Score:2, Insightful)
I was thinking something similar to the way RAID6 [wikipedia.org] is implemented, where you have five blocks of data plus two parity blocks so that any two block devices can be missing and all the data can still be reconstructed. This could easily be adapted on a smaller scale to work with key-sharing.
Re:Really two different halves (Score:5, Informative)
Nope. It's common practice in the PKI world to use an HSM which calculates the private key upon startup. The key is not stored anywhere. It's calculated when you start the HSM. It's a function with 7 intersection points with the X axis. Knowing any 4 of the 7 intersection points is enough to calculate the function parameter. That in turn is the actual private key.
RAID has nothing to do with this. The HSMs operate under the presumption that the safest guard for the private key is not to have it at all, encrypted or not. You calculate it only when needed. If the HSM goes down you need a new key migration ceremony in a worst case scenario, and in the best case scenario, just the administrator and operator smart cards to unlock the security world.
This is what is being done at any public CA installed in your browser and at any Publicly signed Enterprise CA.
Re: (Score:2)
All these guys know one another and probably share tips on running private companies, including which banks offer the best safe deposit boxes. They all travel a lot, so they'd be crazy to keep stuff in a personal safe.
I bet all 7 keys are within 5 meters of each other at the 200 Bay office of RBC in Toronto.
Re: (Score:2)
These Ultra Secure Environment things are usually governed by a clear set of policies created for each such project uniquely. The keys are usually not allowed by policy to be in the same geographical area unless so requested by the policy creating authority.
For such an op (strictly speaking it's a ceremony), you should schedule the arrival in advance and securely send all the documentation detailing the process to all participants with time to spare. If the information is valuable enough, the participants s
Re: (Score:2)
Looks like you're right; they appear to be using an implementation of Shamir's Secret Sharing [wikipedia.org]
That sounds like the Arabic version of the Colonel's 7 secret herbs and spices. [kfc.com]
Re: (Score:2)
Seven? SEVEN!? No, man, no! 11's the key number here. Think about it. 7-Elevens. 11 chipmunks twirlin' on a branch, eatin' lots of sunflowers on my uncle's ranch. You know that old children's tale from the sea. It's like you're dreamin' about Gorgonzola cheese when it's clearly Brie time, baby. Step into my office.
Re: (Score:3, Funny)
Of course they should instead have chosen a system where you need 7 of 9 to restore!
Re:Really two different halves (Score:5, Insightful)
Yup. Poor disaster planning.
They've never heard of assured continuity. It's a good plan if all other services are ok. If I read it right, the folks need to gather at a known point. That would assume air travel was still viable. We saw that stop during 9/11. Since they're smart cards, I'm assuming it would require the appropriate smart card readers. If the physical locations where they are to assemble aren't accessible, that makes it a bit rough. They mention two US sites as the places to gather, so civil unrest in the US could severely limit travel. While us Americans are very America-centric, I'm sure the rest of the world wouldn't be totally delighted if their Internet services stopped working just because we were having problems.
If it does take 5 of 7 to restore the key, that could be problematic. They named one. I'm sure brute force decryption (i.e., torture) could find out who at least two others are. So if 3 were taken out of the equation, that leaves 4 to carry on. As time goes on, it would be a shame if the cards were lost. Just because you stuck it in the safe doesn't mean that safe will always be the one you use. People move. Offices change. People die. When Joe-key-holder dies, and his coworkers don't realize what the keys are, they could easily end up in a file box marked "Joe's office stuff", and stuck in storage to be forgotten about after a few years of staff churn.
I don't see it as catastrophic. It's about as rough as when we were told "be sure to update your named.root file." Lots of people did it. Lots of people who should have didn't know. Even if you missed it, it didn't really break anything very much.
Re:Really two different halves (Score:4, Insightful)
I am pretty sure if you are one of the only seven people in the world to be trusted with the responsibility of a certain item, you will just "forget" it when you move.
When you come up with outlandish theories, at least use common sense. It is perfectly possible that the card gets stolen by a burglar who doesn't realizes what it is. And even then it will at least be reported and appropriate measures taken. You seem to have picked up some curious notion that nobody had the foresight to keep a note on the whereabouts and well-being of these individuals("Where are those cards again? I dunno... some dude was supposed to have them. Not sure where they are now, or who they were... we sent them deep undercover you see, to protect them against torture from enemy agents!").
This is just a mere precaution of not keeping their eggs in one basket, since losing the key will indeed be catastrophic to DNSSEC. If anything, it is obviously just one of the many other backups they have.
Re:Really two different halves (Score:5, Funny)
Yup. Poor disaster planning.
More like typical disaster planning.
Re: (Score:3, Interesting)
This wouldn't happen.
While Domain name resolution would stop working, if there was some kind of emergency situation, lists could be published of ip addresses for each site.
Domain name resolution is convenient it isn't required for operation.
The government of the country in question could also fire up their own DNS system and publicly publish the address for it so that citizens could use it.
Re: (Score:2)
If they keys are lost, you just disable the DNSSEC-extensions on all recursive nameservers and everything will work as it currently does. DNSSEC only adds a crypto-validity-check to DNS.
Re: (Score:2)
It all doesn't matter, if the current keys are lost, all that is needed is to generate a new key for the root.
This whole system is only in place so root-key-upgrades can happen without nameserver-administrators needing to do manual changes.
Re: (Score:2)
everything works are before if you turn on the DNSSEC-extensions on your nameserver. Just the validity checks will be off, so you would able to trust the DNS-infrastructure as much as you do now.
Re: (Score:2)
It's not as serious as you make it out to be, as long as one of the seven is Morgan Freeman.
Haven't you learned anything?
Re: (Score:2)
Is it me, or have they missed the most obvious point? I mean even the entire slashdot seems to have missed this point.
Let's say for the moment a bomb or cyber attack does happen. And let's say for the moment they have to reboot. So off they go and the folks from the Pacific have to travel to the US... Yes the US because it appears they have to be there physically.
Does anybody REALLY think that planes will be flying after a bomb or cyber attack? Remember 9/11 folks? Three days or such no plane went into or
Re: (Score:2)
No, I think you pretty much got it, except I didn't quite go into the disaster scenarios. If some idiot screws up the current keys, these guys get a free vacation to the US to rebuild the key. If it's anything worse we'll (oh my gosh) go back to plain old unsigned DNS.
Re: (Score:3, Funny)
But, that's half the fun. Damn.
Re: (Score:3, Insightful)
No, for everything to be totally screwed, the full key held at the two secure facilities in the US would have to be lost or destroyed plus the keys held by three of the "key-holders" would have to be lost or destroyed as well.
Re: (Score:2)
Nothing will be screwed, everything will keep running, you just need to disable the DNSSEC-validity-checks and you'll have DNS just like before DNSSEC was introduced.
Re: (Score:2, Informative)
Re: (Score:3, Informative)
There's no need to split it up so simply. There are ways of splitting up a dataset in 7 such that any 4 can reconstitute it without allowing any handpicked 3 to be able to do so.
An example, where you wanted to require two of three could be accomplished by splitting the key and a random number into thirds. Each party would get 1/3 of the key, 1/3 of the random number and 1/3 of the XOR of the two. Then any two can determine the whole key (assuming they knew which one of their thirds each section was, of c
Re: (Score:3, Insightful)
Or even better, use a cryptographically secure secret sharing scheme, [wikimedia.org] and use the shared secret as a symmetric key to encrypt whatever other data if necessary. Then (if I'm interpreting your post correctly) you wouldn't have to worry about which parties got which segment of the key. In fact, I believe that's just what they're doing. Bruce Schneier had a post on it [schneier.com] the other day.
My first thought... (Score:5, Funny)
Earth! Fire! Wind! Water! Heart!
It'd be awesome if they yelled that out as they each scanned their cards.
Re:My first thought... (Score:5, Funny)
com! net! org! tv! biz!
Captain DNS and the Resolveteers!
Re: (Score:2)
Oh and Ritchie, you get to wear this. When you're on duty, that is.
"Do I have to?!"
Shall we go over this again? It happens at every Secret Session.
"'Secret session?' Just call them meetings, for cryin out loud!"
In an abandoned underground bunker somewhere, the Captain mentally goes to his quiet place...
Re: (Score:2)
So, you're saying love is the fifth element?
Re: (Score:2)
Earth! Fire! Wind! Water! Heart! So, you're saying love is the fifth element?
Actually it's more like communing with animals. (Insert preemptive "getcher minds outta the gutter" here.)
Re: (Score:2)
It's 4 out of 7 to get the key that can decrypt the backup. The backup is not in the hands of the 7,so they cannot do anything by themselves!
Re: (Score:2)
The story I read said that any four of these seven must get together at one of these bases. That seems to indicate that each one has half of the key. Two of them, if they were the right two, could do it. But having four out of seven guarantees that you have at least one copy of both halves.
Don't forget the two complete sets that I have in a shoe box next to my underwear.
Re: (Score:2)
The attacker would have to make sure to kill 3 of them (or the cards they carry) to defeat this scheme.
Not good (Score:5, Insightful)
The internet is supposed to be able to repair itself. You know, route around damage and stuff? This all sounds as fragile as our transportation system when merely threatened with an explosive device, bringing it to a complete halt. Is our entire food supply this flimsy?
Re: (Score:2)
Is our entire food supply this flimsy?
Nothing is immune from attack. Some attacks might take more thought, but are no harder to pull off.
Re:Not good (Score:4, Funny)
Think about it, if walmart lost their supply chain, probably 1/3 of Americans would die of malnutrition within a week, or gain 50kg from the take out consumed.
To be honest, the "internet" would keep going, and does indeed route around damage, but the "web" would have the computer version of a stroke if you dropped the root DNS.
Re:Not good (Score:4, Funny)
Walmart is nutritious AND less calories than take-out?! BTW, Americans don't gain kg, pounds or lbs, sure, but not kg.
Re: (Score:2)
And the ordinary grocery is as cheap as it gets. Try comparing nutrition contents between generics and the name-brand sometime. It's amazing how different they can be.
Re: (Score:2)
Never saw brand name cauliflower
Re:Not good (Score:5, Informative)
The internet is supposed to be able to repair itself. You know, route around damage and stuff?
The internet will continue to work fine. This only impacts DNSSEC and the ability to rebuild based on the private key distributed on those smartcards. If all 7 get assassinated and their smart cards hacked to bits with no backups, we can still revert to plain old DNS.
Wheeeeeh! (Score:2)
I had just been handed the assignment, from the World Domination Society, to plan the covert murders of all seven. Now I realize it won't be necessary.....at least not at this time.
[Amerika is Skynet]
Re: (Score:3)
Re: (Score:3, Interesting)
that is a feature of IP, not a feature of DNS. The article is about DNS, or more specifically, about DNSSEC.
very few today use straight up IP addresses to access a service (heck, a lot of services are potentially housed under a single IP, but you get the one you want thanks to the browser telling the server what domain name you entered), and DNSSEC puts a extra layer of verification that you get the correct IP when you enter a domain name.
That would mean... (Score:2)
That would mean that any successful attack on the system would have to include the kidnapping/assassination of at least six of these people. Plan for seven hits--the attackers could completely botch one attempt and still be successful. Pretty good odds.
Nice of them to provide names.
We don't live in the movies (Score:5, Insightful)
The world is not full of evil organizations who are thoroughly evil, yet well funded, that run around doing evil for its own sake. The likelihood of someone blowing up both facilities and kidnapping the people who hold the cards just to try and take down DNSSEC is pretty unlikely. I think this is more likely protection against hacking (which is much safer) or a gigantic mistake. Always good to ask the question "If everything fails, how are we going to rebuild it?" That's what this is.
Please remember that vast kidnapping conspiracies and so on require a lot of people acting in concert. That is hard to keep hidden. What's more in this case you'd be talking about something all over the world. You are also talking about something that would draw the wrath of the most powerful nations out there. The US (who holds the facilities), the UK, China, etc. It doesn't work like in James Bond where the baddies contact the government and they have to knuckle in unless a lone agent can bring them down. What happens is the governments send in hundreds of heavily armed, highly trained, soldiers that will kill or capture anyone who is involved, or perhaps just as likely simply destroys the building they are in with a well placed smart bomb from a bomber you cannot see.
The idea here seems to more be a final redundancy against a systems failure, but one where a single person can't go rogue and cause a problem.
So please, stop with the paranoid movie plots.
Re: (Score:2)
12-21-2012, the World wide intertubes crashes and now an international team of super hackers/spies must quickly move to find and safely bring together the seven cards before The Inventor (Al Gore) allows one ACTA to rule them all
hmmmm.......me thinks I should open up Celtx and start writing...
Re: (Score:3, Funny)
So please, stop with the paranoid movie plots.
You have to admit this does provide the basis for a pretty good movie plot... I predict that Jason Bourne (or Robert Langdon, or Richard Stallman) will be trying to save at least 5 of these people on screen within a few years.
Re: (Score:2)
Eh, maybe. That's perfectly reasonable of course, and they should have exactly that planning. But they're taking some strange precautions if that's all they're guarding against. Why physically separate the cards? That's just going to make any effort to restore after a gigantic mistake take even longe
Re: (Score:2)
The trick is we have 2 concerns
1 disaster recovery (the hot copy gets destroyed)
2 ensuring security
If anybody wants to somehow compromise the system they would need to somehow gets hands on the keyset. Given that these persons are "targets of opportunity" i would bet that various TLAs know exactly where each of these folks are at any given time.
So we have the possibility that in an attack Norm Ritchie goes missing then depending on the lag time every TLA in the area gets their hands on the other six on a "M
Re: (Score:2)
The world is not full of evil organizations who are thoroughly evil, yet well funded, that run around doing evil for its own sake.
Alternatively, one or more of these evil-for-evil's-sake, well funded organizations do exist, and have just convinced you that they don't exist. Had you been wearing my tinfoil hat, that wouldn't have happened.
Re: (Score:2)
I love writing paranoid movie plots. I can give the fun details, without having to drag it out to be a feature length film, or even a single television episode.
In my next episode, the secret evil government agency will start kidnapping Slashdot users with low UID's (see, you're safe), and post disinformation on their plans here, so anyone who thinks they know something about a secret government conspiracy can be written off as it b
Re: (Score:2)
What happens is the governments send in hundreds of heavily armed, highly trained, soldiers that will kill or capture anyone who is involved, or perhaps just as likely simply destroys the building they are in with a well placed smart bomb from a bomber you cannot see.
Caught Bin Laden yet? Stopped Al-Qaeda yet?
Re: (Score:2)
Plan for seven hits--the attackers could completely botch one attempt and still be successful.
It's a 4-of-7 recreation set. You only have to knock out four to prevent the key being rebuilt. You also don't have to kill them -- just prevent them from remembering their passwords.
Re: (Score:2)
And then you have to engineer some reason for the current key to be expired early.
Re: (Score:2)
Assassination is cheap. Kidnapping is expensive.
All a working assassination takes is one nutjob with a gun. He doesn't even have to escape, if he's crazy enough. It really doesn't even require a gun, but it's much easier to pop a person than to do it in a whole variety of manual ways. Of course, people look at movies and think of all the other options. "We could plant a pound of C4 under his car, and detonate it with a cell phone." Ya, good luck there, First you have to
Re: (Score:2)
I'm a little worried that you are so familiar with these topics. Please wait, police are enroute.
Re: (Score:2)
Well, supposing you buy the detonator along with the C4, you just need an electric charge, right? Just get the phone's ringer or vibration motor and cut the wires.
Maybe it's more difficult, but many of the people who have used it where not electrical engineers by any means, so it must not be terrible difficult.
Oh, that I know how to solve.
1) Get a cheap Nokia.
2)
Re: (Score:2)
Actually, if I know C4 and it's detonators right, the electrical charge goes to the small primer explosive, which detonates the whole package. I'd assume the vibrator motor could provide sufficient power, but it may need to trigger a relay to provide power from a larger power source (like a pack of D cell batteries). It makes "what wire do I cut" a lot easier. :)
Re: (Score:2)
Nicky Santoro: [voice-over] A lot of holes in the desert, and a lot of problems are buried in those holes. But you gotta do it right. I mean, you gotta have the hole already dug before you show up with a package in the trunk. Otherwise, you're talking about a half-hour to forty-five minutes worth of digging. And who knows who's gonna come along in that time? Pretty soon, you gotta dig a few more holes. You could be there all frekin' night.
Re: (Score:2)
> The US has 12 reserve banks, and there are about 8,100 tonnes of gold in them
Hmm that's about 310 billion US dollars, or about 26 billion per bank.
I think the investment bankers help lose a lot more money than that ;).
The Federal Reserve also secretly loaned out more than that:
http://www.google.com/search?q=+site:www.bloomberg.com+federal+reserve+trillions [google.com]
So I think there are ways to make a huge profit and do it far more safely and legally[1] than robbing banks.
[1] Yes there's some relativeness - even
Re: (Score:2)
Yup, the real secret is to become a bank, and then take gov't money for your bank.
Re: (Score:2)
Oh, I'd love to write for someone like them. :) I can come up with all kinds of fun conspiracies, and ways criminals can do things. Talking to friends, I've worked through all kinds of different scenarios for crimes. Not that I'd do them, because I know my luck and I'd get arrested on the way to committing it. :) In the fictional contexts, it doesn't matter if the bad guy gets away or gets caught, I'm still free, and no one gets hurt.
I'd get bored though. Not with writing co
Re: (Score:2)
Nice of them to provide names.
When the Hope Diamond was moved from from South Africa to England they made a big deal about it, sending a whole fleet of Royal Navy ships to protect it.
Only the diamond wasn't on any of the ships. It was sent parcel post through standard shipping channels. The fleet was just a diversion.
This guy may be one of the ships protecting the DNSSec key...
If all seven get together do they become Voltron? (Score:2, Funny)
Or do they summon Captain Planet? ...or Wilford Brimley?
Re: (Score:2)
Or do they summon Captain Planet? ...or Wilford Brimley?
Gozer of course. "Are you the keymaster ?"
seven? nine? three? (Score:5, Funny)
Ritchie was recently chosen to hold one of seven smartcards that can rebuild the root key that underpins this system' called DNSSEC (Domain Name System Security Extensions).
I thought the dwarves got seven cards. And, the humans got nine... and the elves three. Or, am I mixing something up?
Re: (Score:2)
And Al Gore got one to rule them all? Hmmm....whiskey and slashdot don't mix well....
Re: (Score:2)
Re: (Score:2)
No no, you've got it right. It's just that, well, Ritchie's not all that tall, and he's got a beard...
007 (Score:3, Funny)
I see a new James Bond movie in the making here...
I'm sorry.... (Score:2)
but this reads like an intro to a bad cyberpunk novel/movie....
Seven, heh ? (Score:5, Funny)
One Card to rule them all, One Card to find them,
One Card to bring them all and in the darkness bind them
Article Omega (Score:2, Funny)
This, Jen, is the internet (Score:5, Funny)
Jen: What is it?
Moss: This, Jen, is the Internet.
Jen: What?
Moss: That's right.
Jen: This is the Internet?
[Moss is nodding his head]
Jen: (suspiciously) The whole Internet?
Moss: (agreeably) Yep. I asked for a loan of it, so that you could use it in your speech.
[Roy enters the room.]
Roy: (irritated) Hey! What is Jen doing with the Internet?
Jen: Moss said I could use it for my speech.
[Roy speaks to Moss in an edgy way.]
Roy: Are you insane? What if she drops it?
Jen: I won't drop it, I'll look after it.
Roy: No. No, no, no, no, Jen. [Takes the box back from Jen.] No, this needs to go straight back to Big Ben.
Jen: Big Ben?
Moss: Yep. It goes on top of Big Ben. That's where you get the best reception.
Jen: I promise I won't let anything happen to it.
Roy: No, Jen, I'm sorry. [Jen becomes woeful.] The elders of the Internet would never stand for it.
Re: (Score:2)
The elders of the Internet would never stand for it.
... and then they built the supercollider.
--
Your signature actually makes sense here.
Re:I don't care if you are from Iran (Score:2, Informative)
Re: (Score:2)
Sure, there are seven of them now... (Score:2)
...but there can be only one.
Seven (Score:2)
Here are the first three things I though after reading this. None are good...
East & West coasts only (Score:2)
One secure sight in Culpeper, VA; the other site in El Segundo, CA. These sites both seem rather exposed to attack, compared to the vast interior of America. Why no secure site in the empty, hard-to-bomb middle of the country?
Also, check out the googlemap of El Segundo [google.com] -- it's right next door to a buttload of chemical (gasoline?) storage tanks. I've heard there's a risk of those things going "boom" in a real real nasty way, if some smallish explosion sets them off. Seems like a kinda shitty spot to loca
Re: (Score:2)
Okay, so that's about a mile away from the storage tanks. Any idea what the blast radius on one of those things is, should it get ignited?
My basic point is: c'mon, put this stuff somewhere isolated & easy to protect. At least the Culpeper site looks to be in the middle of BFE, which has to be kinda useful from a security perspective.
Re: (Score:2)
Minimal. Gasoline doesn't explode the way cars do in movies.
Seven to the Canadians in their Halls of Snow (Score:5, Funny)
(But in secret, another smart-card was made - one that could rule all the others...)
A British key-holder giving and interview (Score:3, Informative)
Odd Man Out? (Score:2)
nice guy (Score:2)
I used to work with/under Norm (he was my boss) and he's a great guy! When I worked with him he wasn't a Keeper of the Key but he was still pretty cool
You couldn't just find everyone? (Score:3, Interesting)
Perhaps I don't have a grasp on how the Internet, TCP/IP, etc. work.
But it seems to me, if you turned loose a spider that wandered around (from 000.000.0000 to 999.999.9999) and queried EVERY IP out there ... wouldn't you end up with a complete structure of which IPs were active, which were not, and some sort of identification for each and every one of them? And what was connected to what (to rebuild routing tables. Especially if the IP host actually responded with some sort of ID?
For that matter, that identification could be done after the fact, ne? "Dude, if you're an active IP, send an email to this site with your IP and this completed DNS form. You won't be on the active list until you do."
Bidda boom, bidda bing.
Besides, this is just a plain old database anyway, isn't it? Just back up the damned thing.
Re:You couldn't just find everyone? (Score:4, Informative)
1) Yes, you could [isi.edu].
2) When you have a workable method for sending a postcard to every IP address, let me know. Mapping IP address to street address is a neat trick if you can pull it off. Just don't rely on WHOIS, for obvious reasons.
Really Stupid Idea (Score:2)
Just store it in Poland.... (Score:2)
Re: (Score:2)
You may know. I may know. Most of us may know. There are still a lot of people out there who don't understand how any of this works. To them it's just like magic.
LK
Re: (Score:2)
Some of us like to remain informed.
Re: (Score:2)
Some of us like to remain informed.
Except this is only "information" in so far as it is the latest plot device made real by the idiots in charge. That means this is a social engineering exercise, (a variation on basic propaganda).
Learn to spot the difference. It's important.
In any case, the delivery needn't be couched in endless, pedantic terms of "Terrorist Attack". I can hardly believe people haven't figured out yet that they're being manipulated. How stupid does a person have to be to not get that simple fact at this late date?
-FL
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
Dan Kaminsky got a key,
Paul Kane [cdns.net] got one,
the others well geograpically distributed [geekosystem.com] make the international resque team complete.
Trinidad & Tobago (Score:3, Insightful)
The one from Trinidad & Tobago, duh.
Gi is from China, Kwame is from Burkina Faso, Linka is from Czech Republic and Wheeler is from USA.
But, adding Paul from UK and Ritchie from Canada is a bit Anglo-centric and ridiculous.
Those are not even two different countries, let alone continents.
Re: (Score:2)
Wait. Canada and the UK aren't separate countries, and let alone on different continents. Man the drift has really been warming up this year, and running backwards.
Be right back, walking across the atlantic pond.
Whooosh! (Score:2)
Well, it IS rather obvious for most of us that Canada is just pretending to be a separate country from the rest of the British Empire just to keep the pea soup eaters from revolting. [imdb.com]
Ridiculous I know, but stranger and more pointless things have been done by British monarchs before.
Like that time they decided to just give up on the entire lower part of the North America - over a couple of cups of tea.
And despite that old saying that the Sun never sets on the British Empire, that does not make it a continent.
LOTR (Score:2)
One Card to bring them all and in the darkness bind them
In the Land of Canada where the Shadows lie.