Seven People Hold the Keys to the Internet, Literally

July 29, 2010 -

In the event a cyber attack cripples the World Wide Web, seven members of a “chain of trust” have been given the responsibility of restarting the Internet, with each individual armed with a key.

The key holders include one member from each of the following countries: Britain, the U.S., Trinidad and Tobago, Canada, China, Burkina Faso and the Czech Republic.

According to PopSci.com
, five of the seven would need to gather at a U.S. base with their keys in order to restart the Internet.

PopSci further described the keys:

The keys are actually smartcards that each contain parts of the DNSSEC root key, which could be thought of as the master key to the whole scheme. But it is interesting to know that there is a group of individuals out there that hold actual, physical keys that would reboot the Internet as we know it.

A video on the CommunityDNS website shows the keys and provides more background information on how they function. CDNS CEO Paul Kane was appointed by ICANN as one of the seven individuals, dubbed Trusted Community Representatives (TCR).


Comments

Re: Seven People Hold the Keys to the Internet, Literally

I'm surprised China has a key, what with the Great Firewall and all

岩「hey Glenn Beck, I heard you oppose Net Neutrality, so we blocked your site.」

岩「…I can see why Hasselbeck's worried about fake guns killing fake people. afterall, she's a fake journalist on a fake news channel」

Re: Seven People Hold the Keys to the Internet, Literally

Albert, with the power of Online Gaming!

Howard, with the power of Embedded Videos!

John, with the power of Political Forum Flame-Wars!

Stacey, with the power of Rumors About Girls On The Internet!

Chris, with the power of the Chan Boards!

Jamal, with the power of YTMND!

And Ma-ti, with the Power of Heart!

By your powers combined, I am TED STEVENS.

Re: Seven People Hold the Keys to the Internet, Literally

This is too stupid to be fake.  

Pwnage of Empires

Re: Seven People Hold the Keys to the Internet, Literally

So...hypothetically...if kidnapped these men...took their keys... then shutdown the internet...

THE WORLD WOULD BE AT MY MERCY!!! I'll give back the internet for... 1 million dollars!!! MUHAHAHAHAHA! AHAHAHAHAH! ahahahhahaha! hahaha! eh.

 

 

"The difference between genius and stupidity is that genius has its limits." -Albert Einstein

"The difference between genius and stupidity is that genius has its limits." -Albert Einstein

Re: Seven People Hold the Keys to the Internet, Literally

'Britain, the U.S., Trinidad and Tobago, Canada, China, Burkina Faso and the Czech Republic.'

 

These are the countries that get the keys really?  1 is a communist dictatorship, and 3 are basically irrelevant.  This is stupid.

I mean, the idea itself is stupid, but still..

 

Re: Seven People Hold the Keys to the Internet, Literally

The countries are not receiving the key.  Specific people are receiving either access to the keys that unlock the key (TCO's) or key shares - parts of the key that can be used to reconstitute the key if it is lost.  The key itself is safely locked away.

Be careful what you call stupid.  Without DNSSEC signing the root delegations down to 'www.yourbank.com', you are highly vulnerable to attack.  In recent years, with the Kaminsky vulnerability for example, we have done our best to protect the operating DNS from incursion - using tricks and hacks to make incursion harder - but any solution short of DNSSEC is a temporary one.

Re: Seven People Hold the Keys to the Internet, Literally

I get that, but at least three of those people are from countries that have little to no worth that I'm aware of to the international community.

It'd be like giving the key to an African tribemsen; it makes no freaking sense.

Re: Seven People Hold the Keys to the Internet, Literally

Forgive me for saying, I do not think that you do get it.  Imagine if you knew an African tribesman who contributes code to open source projects on a regular basis, participates in IETF protocol documentation and definitions, and generally advances the state of the art in Internet services in his home country (making the Internet deployable and reachable by his countrymen so that they can be enriched by it)?  A man who has a long standing reputation as being honest and trustworthy?  Would it seem so strange that this individual is selected?

I can't imagine what three you are referring to.  TT and BF maybe (and I admit I don't know those two men, but I assume they are involved in advancing their respective country's abilities to connect), but what is your "at least 3" 3rd?  CZ has hosted one and is hosting another IETF this year, at a time when US megacorporations refuse to do so (due to suddenly losing their marketing budgets to recession), and Ondřej's contributions to the open source and DNS communities are manifold.  CN couldn't possibly make your list of "backwards countries" because they have by vast majority the most Internet users of any nation, and their contributions are manifold - CNNIC has been instrumental in this very work.

People are not caricatures of the countries they reside in.

Re: Seven People Hold the Keys to the Internet, Literally

But they were all of them, deceived, for another key was made...

 

Re: Seven People Hold the Keys to the Internet, Literally

Isn't that precious...  ;)

Re: Seven People Hold the Keys to the Internet, Literally

So you need 5 out of the 7 keymakers to be able to reload the Matrix?

Re: Seven People Hold the Keys to the Internet, Literally

I'm not saying this is true, but if it is they better have kept al lthose key holders anonymous. It wouldn't just be the obvious terror groups who would have an interest in gettign their hands on such an items.

Re: Seven People Hold the Keys to the Internet, Literally

No.  The process is needfully transparent, which means the TCO's and RKSH's are a matter of public record.

http://www.root-dnssec.org/tcr/selection-2010/

I am proud to say that I have worked with 7 of the people listed and they are admirable people you can put your faith in.

Re: Seven People Hold the Keys to the Internet, Literally

Either I've become completely out of touch with how the Internet actually works, or this sounds like a heaping pile of crap.  "Reboot the Internet?"  Isn't the web just a series of millions of individual servers, each acting independantly to swap data packets over established telecommunication networks, from literally every region of the world?  How could you possibly "reboot" that, how does that even make sense?  Are they saying they have backup copy of the entire contents of every server in the world, and they can just turn a key to redownload it all everywhere at once?????

 

EDIT:  Ugh, I really need to click on the links provided before responding to an article.  Nevvermind all the above.  I'll just leave it up there to remind myself of my own idiocy.  :p

Re: Seven People Hold the Keys to the Internet, Literally

 It is a rather melodramatic way of describing it....

It is also a rather strange image since the whole point of the original design for the internet (i.e. from its ARPANET days) was that it could survive attacks on pieces of it (i.e. nukes) and still keep the remaining pieces connected and able to communicate with each other.

Which the modern internet is still quite capable of doing.....

Re: Seven People Hold the Keys to the Internet, Literally

I have since thought about the whole "kill switch" thing, and now I'm even more confused.  The kill switch basically is just a dramatic way of saying that they turn off the telecommunication networks so a critical cyber attack cannot spread anymore.  Why would you need to give 7 different people from around the world the responsibility of turning it back on?  Why couldn't the people who turned them off in the first place just do it themselves?  Is there some security risk I'm missing here, where we can't trust the people in charge to do it?  If so, why do we trust them to turn it off in the first place?  Also, the kill switch only applies to the US, since the President would really only have the authority to tell telecommunication companies based in this country to switch off, nowhere else.  So why give the "keys" to people all around the world?  And then they all have to gather back here in the US to use them?  What is the point of all that?

Not to mention, how the government plans to function during a crisis, with all communications offline.  You can't "just" turn off the internet, as long as phone and tv cable lines are still working, packets of data can still be passed.  So you have to turn the whole damn thing off, leaving everyone completely isolated.  Unless they plan on running everything with shortrange radios.  I don't know, this all seems incredibly stupid and not thought out....

Re: Seven People Hold the Keys to the Internet, Literally

The "kill switch" is unrelated to DNSSEC or the need to recover DNSSEC KSK's (Key-Signing-Key).  The recent executive powers discussions to disable networks is an access issue, whereas the DNS root zone (and thus the mechanics of signing and trusting the signatures of the root zone) is a service you would want to access.

The root DNS zone (that delgates to .com, .net, and the various CC-TLD's) is now signed with DNSSEC.  This has been a twenty year program to secure the DNS from spoofing or brute force transaction-ID insertion attacks (a la Kaminsky).  The problem posed by cryptography is where you anchor your trust.  What sort of cryptography and what key do you trust, and who has access to it?  The problem posed is that it is not enough for a key to exist - if that key can be subverted, then you don't actually have something you can trust effectively.  If the key can be destroyed, then you don't have a reliable system you can put your faith in to operate without significant flaw.

So you have to lock away the private key in a safe place.  But for the community to have trust in that key, you have to have a compelling story about why that private key can't be subverted by e.g. one person acting alone.

So you have ICANN's key policy, which involves people they call "TCO's" to govern access to the KSK for ZSK purposes, enabling ICANN to extract the key from the safe for a signing event before putting it away.  And RKSH's should the hardware the KSK is stored on should fail, or succumb to natural disaster - for recovery of the private key.

TCO is 'Trusted Cypto Officer'.  Several times a year, the KSK (Key Signing Key) of the root zone needs to be unencrypted so that it can sign new ZSK's (Zone Signing Key).  TCO's each hold a part of the key to perform this operation, from memory I believe only 3 of 7 of one set of TCO's is required to perform this operation.  There are two sets of 7 TCO's, 14 total, each 7 corresponding to one of the two key safe facilities on the East and West coast.

RKSH is Recovery Key Share Holder.  There are only 7 of these, global to both facilities.  Each RKSH carries a portion of the KSK, and if I remember from Joe Abley's presentation correctly only 5 of 7 are required to reassemble the key should it be lost.  Note that this just recovers the original KSK private key.  It does not solve the problem of incursion.  If someone cracks the key, what you need is a new key.  Recovering a copy of the old key does not help.

This is where people get confused.  It is not tacitly required that the 7 RKSH's must assemble in one of the two key safes to recover the key.  They could theoretically assemble anywhere.  In practical terms, because ICANN is under contract to the US Department of Commerce, I would expect that the RKSH's would assemble in a new US key safe facility if both of the old US facilities had succumbed to some natural disaster or destruction.

Note finally that the RKSH's would not be needed until or unless the ZSK's expire.  The loss of the key safe facilities does not "break the Internet."  It just disables ICANN's ability to "key roll", or produce new ZSK's signed by the KSK.  The old ZSK's will continue to function just fine for as long as the keys are valid (I haven't looked, but it is anywhere from several months to several years).

Re: Seven People Hold the Keys to the Internet, Literally

why do they have to meet in the US? why not any of the other countries?.

can the "hero" assemble 5 of the 7 keys and weild the master key once more in time to save the internet and rescue the princess. The legend of Zelda: KEYS OF THE INTERNET.

Re: Seven People Hold the Keys to the Internet, Literally

At the IETF 78 meeting in Maastricht (where I am sitting right now), at the first DNSOP meeting, Joe Abley and another man I can't remmeber his name offhand presented a nicely detailed explanation of how the key systems work and the reasons for the precautions to recover the keys in the event of catastrophe.

There are two key safes in the US, one on each coast, and you have to understand that ICANN and Verisign operate the root DNS zone under contract - to the US Department of Commerce.

So brining us back to your question:  The reason it had to be a facility in the U.S. is because that is a requirement stipulated by the US Department of Commerce.

Re: Seven People Hold the Keys to the Internet, Literally

Or, the UN?

Or, hey!  FREE RIDE TO THE INTERNATIONAL SPACE STATION!  Woo hoo!  :D

Nightwng2000

NW2K Software

http://www.facebook.com/nightwing2000

Nightwng2000 is now admin to the group "Parents For Education, Not Legislation" on MySpace as http://groups.myspace.com/pfenl

Nightwng2000 NW2K Software http://www.facebook.com/nightwing2000 Nightwng2000 is now admin to the group "Parents For Education, Not Legislation" on MySpace as http://groups.myspace.com/pfenl

Re: Seven People Hold the Keys to the Internet, Literally

Isn't the UN in New York?

Re: Seven People Hold the Keys to the Internet, Literally

But how will they book their flights to the US if all the online booking sites are down?

Re: Seven People Hold the Keys to the Internet, Literally

I preferred The Telegraph's take on the story, which included this video: http://www.youtube.com/watch?v=D-0WpVukLGQ

/b 

Re: Seven People Hold the Keys to the Internet, Literally

This so needs to be a quest in the next FallOut game.

Re: Seven People Hold the Keys to the Internet, Literally

Since a good chunk of each game is a quest to give humanity a small stepping stone to get bakc on their feet, yes, yes it does. I do wonder if in New Vegas there will be any implications i nthe Mojave from Project Purity n the Capital Wastes

Re: Seven People Hold the Keys to the Internet, Literally

There may be references to it, but I doubt it. The whole point of New Vegas is for most of the original designers to do a true FallOut sequel.

Venturing across the wasteland to find the keys would be like in the "You gotta shoot 'em in the head" quest in FO 3 (Where you have to steal \ find keys for the fort for Mr Crowley), but there could be a twist where the quest giver just wants access to porn. :D

Re: Seven People Hold the Keys to the Internet, Literally

And if everything else fails, they will have to send link...

 

Seriously? Why seven people around the world? Sounds like the argument of a nerd movie.

------------------------------------------------------------ My DeviantArt Page (aka DeviantCensorship): http://www.darkknightstrikes.deviantart.com

 
Forgot your password?
Username :
Password :

Shout box

You're not permitted to post shouts.
E. Zachary KnightSo they figured out how to share CPU cycles between pools and their advanced emotions engine? Sweet.10/01/2014 - 2:53pm
MaskedPixelantehttp://www.joystiq.com/2014/10/01/ghosts-pools-darth-vader-coming-to-the-sims-4/ Pools no longer impossible.10/01/2014 - 2:06pm
james_fudgeDon't eat angry.10/01/2014 - 1:49pm
E. Zachary KnightI am pretty hungry. I feel like I could smash some supper. Not sure if I am up for making a collage though.10/01/2014 - 1:00pm
Matthew Wilsonhttps://www.facebook.com/SmashBrosEN/events What a weird idea. Nintendo will be bringing Supper smash brothers for 3ds and wiiu to collage football games.10/01/2014 - 12:52pm
PHX CorpI'll give the hosting 2 Streams on twitch a spin during extra life marathon10/01/2014 - 12:41pm
james_fudgequiknkold:: oh yeah which games?10/01/2014 - 11:20am
Andrew EisenInfophile - Your comment is on the second page. Scroll to the bottom and click "Previous Entries."10/01/2014 - 9:55am
MaskedPixelantehttps://time.com/3450854/amc-netflix-imax-crouching-tiger-hidden-dragon-boycott/ Theatres refuse to show the new Crouching Tiger movie because... well, I'm sure they've got a good PR spin reason, pick one.10/01/2014 - 9:06am
IanCForza Horrizon 2 isn't even out yet, but theres already a 31 car DLC pack, along with a season pass....10/01/2014 - 8:42am
quiknkoldstarting my Halloween Spooktacular Stream today. Every day from 7-11, I'm going to be streaming Spooky games on Twitch.10/01/2014 - 8:37am
MaskedPixelanteSteam is going to start charging us Canadians in CAD. This is bad news... for people who don't use key sellers like GMG and GamersGate.10/01/2014 - 7:23am
InfophileSomething weird was going on with that comment. As soon as I posted it, it looked like it had replies from the past. And now I can't even find it. Ah well, it was getting off-topic for that thread anyway.10/01/2014 - 4:29am
Sleaker@CraigR been using Win8.1 for a while, I don't really see any usability difference between it and 7 (Work uses 7)10/01/2014 - 2:16am
Craig R.Ok, my internal debate was short-lived. If Win10 is still a year out, I'm not waiting that long for an SSD, so on Win7 I will remain.09/30/2014 - 7:52pm
Matthew Wilsonits called windows 10, and I am happy to get the start menu back.09/30/2014 - 7:18pm
Jessy HartIs this stuff about Windows 10 legit? Is it actually called Windows 10 or is it just some stupid joke?09/30/2014 - 6:57pm
ZippyDSMleeSo I been trying to play Bioshock Infinite I got all the DLC,ect but do not want the extras to make your charatcer over powered from the start.....they force you to take them which is quite annoying......09/30/2014 - 6:45pm
Craig R.I need to upgrade to an SSD, still seriously debating moving to Win8.1 from 7 at the same time09/30/2014 - 6:07pm
Craig R.Win10 is probably Win8.1 with more cleanup and the Start button back.09/30/2014 - 6:06pm
 

Be Heard - Contact Your Politician