back to article Reboot key Brit 'ready to save internet'

The Brit charged with holding one of seven digital keys necessary to re-establish a system of trust in the highly unlikely event of a collapse of the DNSSec (DNS Security Extensions) system has spoken of the practicalities of his responsibility. Paul Kane, chief exec of CommunityDNS and chair of the DNS Infrastructure …

COMMENTS

This topic is closed for new posts.
  1. Thecowking

    Dan Brown is going to love this.

    I'll bet Tom Hanks is already cast as the academic who suddenly has to save the world.

    1. I didn't do IT.
      Coat

      Re: Dan Brown is going to...

      Dag nab it! I thought I was going to be the first with the movie idea!

      Though mine is more along the lines of the cards being counterfeited, and the copies substituted for the originals in 5 of the 7's safes... Then the DNSsec system would be "rebooted" under another base server control and no one would realize... UNTIL ITS TOO LATE!

      Step 3: Profit!

  2. Anonymous Coward
    Anonymous Coward

    Reboot key

    I assume that Paul Kane (chief exec of CommunityDNS) was given the key his IT support department ... staffed by two people called Roy and Moss

    1. Loyal Commenter Silver badge
      Coat

      I'm assuming

      It is kept at the top of Big Ben because that is where it gets the best reception.

      1. Anonymous Coward
        Headmaster

        I presume you mean...

        </pedant>

        ..the clock tower, rather than the bell which has that name.

        </pedant>

        1. Anonymous Coward
          Anonymous Coward

          title, citizen!

          @pedant

          That was a quote from The IT Crowd and as such was correct. Take up your badly-tagged pedantry with Graham Linehan although I'm sure he will have a much better comeback than you.

          1. Anonymous Coward
            Anonymous Coward

            Title

            Well who'd a thunk it. A quote from the IT Crowd that wasn't funny. Just like all the other quotes from the IT Crowd.

  3. AndrueC Silver badge
    Joke

    Eh?

    >Instead of Mordor, the key-holders would need to travel to a secure US data centre

    What would be the difference then? Fewer dwarfs perhaps?

    1. Anonymous Coward
      Anonymous Coward

      What would be the difference then?

      1) Mordor border control are much nicer, better with people and more knowledgeable.

      2) Plus once you are in Mordor the beer is better.

    2. Peter Gathercole Silver badge
      Joke

      Data devices into the US

      You can just see it, cant you.

      Paul Kane rolls up to US Border Control in a hurry to take the key to the "Secure IT data Centre in the US. USBC take one look at the smart card, and conclude that it might contain terrorist data or pornography.

      USBC: Excuse me Mr Kane, could you give me access to the information on this memory card

      PK: I'm sorry, the contents are encrypted, and are actually a security key for DNS on the Internet

      USBC: A key for the Internet, you're kidding me. Show it.

      PK: I'm sorry again, but I cannot do that, because if I release it to you, it may compromise the security of DNSSEC

      USBC: Are you refusing to co-operate, and hand over the keys to unlock the data? I'm afraid we're going to have to take it and give it to our experts in the FBI to confirm there is nothing illicit on this card. We'll get it back to you when we are finished. Oh, by the way, we might damage the data while we are doing it.

      PK: ????

      A good job the Internet will continue without them!

      1. Anonymous Coward
        Anonymous Coward

        fixed

        "USBC: Are you refusing to co-operate, and hand over the keys to unlock the data? I'm afraid we're going to tase you silly now"

      2. Anonymous Coward
        Troll

        I reckon

        This guy probably also has Obama's signature on a piece of document and another from the NSA/CIA/FBI somewhere that also allows him to forego security checks in cases of emergency.

        Trolls. I could never tell the difference between them and elves.

  4. Woolly Jumper
    FAIL

    The elders of The Internet!

    ..and why isn't the Hawkmeister himself one of them?

  5. Anonymous Coward
    Anonymous Coward

    So let me see if I understand this...

    if something happens to DNSSec, which is something for doing something, some people will have to go somewhere and do something? Having done that, the original something that happened won't just happen again? Or not? Glad we've cleared that up.

    "in the unlikely event of an attack so serious that the system of trust established by DNSSec has to re-established from scratch""

    What would such an attack involve?

    1. Pete 2 Silver badge

      Expect the unexpected

      > What would such an attack involve?

      No one knows. Though it's a fair guess that whatever it is, it won't be any of the things that were foreseen. Specifically, if the internet's system of trust has broken down irreconcilably, how will this guy - or any of the others, buy a plane ticket to get them to wherever it is they need to be?

      1. Chris Lovell
        Thumb Down

        Seriously?

        >how will this guy - or any of the others, buy a plane ticket

        Because before the internet, nobody was capable of booking flights anywhere!

      2. Britt Johnston
        Grenade

        fresh start, lean infrastructure

        Rent a seat on boarding the plane. The IT was only there for past and the future tracking, and provided data to different security interests who thought they needed to know.

        If we could get ther airlines sorted just by crashing the internet, go for it .

    2. copsewood
      Boffin

      What would such an attack involve?

      Compromise of the secret root-zone signing key associated with the widely known public part of this keypair, followed by the publication and circulation of a self-signed revocation certificate for the root zone key.

      In practice as most DNSSEC clients will rarely need a top level domain (TLD) key that isn't more locally cached, if the root zone trust can be reestablished with this procedure within a week or so, most clients would rightly continue to trust the cached TLD keys so most Internet users and services wouldn't notice. Nothing to prevent clients establishing trust anchors elsewhere in the hierarchy, e.g. at frequently used TLDs or other frequently used domains.

  6. M7S

    If the interweb is really that stuffed

    How will he book his flight?

    - Website down.

    - Call centre (voip) down

    Or does some black helicopter operating agency scoop him up and take him to a waiting lear jet?

    I'm genuinely interested to know if there is a plan for his travel as whilst the world worked OK before the internet, and should do so without it, things might be a little disrupted for a while, and if they're very disrupted, the authorities may have more pressing "civil" issues than getting the magnificent 7from wherever they are (holidays, work travel etc) to the US.

    1. Gaz Jay
      Thumb Down

      Read again please.

      Specifically the part that the Internet would not collapse. It would still operate only that surfers would not be able to validate that the website that they were visiting was genuine.

      He might get conned into booking a flight on a spoof website... but he would still be able to book actual flights over the net and VOIP would still work.

      1. Velv
        FAIL

        "fundamental catastrophic failure"

        While they CLAIM the internet would continue and everything would work without being able to validate, the very words they use would indicate this is not the case.

        "fundamental catastrophic failure" could easily affect more than just DNSSec, so I'd be fairly sure they have contingency plans in place. They might not be on the tarmac, engines running, but somebody will be getting a military escort (although who's military is open for debate).

        And let's also face that fact that while the user might not be able to validate the airline website is genuine, the airline might also not be able to validate the card request is genuine, and Visa might not be able to validate the airline is genuine, and the bank might not be able to validate Visa is actually Visa. All of which means Mr Kane has a suitcase of varying currencies so he can buy a ticket at the desk at the airport.

  7. lglethal Silver badge
    Joke

    Maybe not Mordor but close...

    Considering the hassle of getting into the US at the moment, I'm sure its not that much more difficult then getting into Mordor...

    1. Anonymous Coward
      Coat

      One does not..

      ...simply tank cat into the United States...

  8. Jimmy Floyd
    Grenade

    If something that catastrophic occurred...

    ...I'd imagine that hopping on the next 747 to the colonies might prove somewhat tricky.

  9. Anonymous Coward
    Anonymous Coward

    Telegraph finger on pulse

    Reassuring to see that readers of this esteemed organ...

    ( http://www.telegraph.co.uk/technology/internet/7914153/Briton-holds-key-to-the-internet.html )

    ... will be fully briefed on the salient details of this story, as they determine the future of the country/international megacorp/village cricket club, whilst dozing in a club chair, briar pipe in hand...

    Not sure if the link to the "IT Crowd" clip is ironic or by way of further explanation...

  10. Barn
    Coat

    One does not simply walk into...

    A secure US data centre

    1. John Lilburne

      What if you've got a

      ... magic crystal key eh? What then ... Didn't think of that did you?

    2. Was Steve
      Happy

      Does one...

      sashay in instead?

    3. Velv
      Coat

      Walk?

      Walk? Perhaps not. But given the experiences of Gary McKinnon, getting into a secure US data centre clearly isn't that difficult.

  11. Alex Brett
    FAIL

    Even the Reg can't get it right...

    I kind of expected the sensationalist reporting on other (less technical) sites, including comments like "reboot the internet" etc, but I did hope the Reg would get it right...

    "rebuilding the digital map used to route traffic on the internet" - DNS has nothing to do with how traffic is routed, that's managed by routing protocols, the primary one in use being BGP.

    "to guard against the possibility of surfers being deceived by forged web sites or spoofed emails" - DNSSEC does not stop someone seeing a spoofed e-mail and following a link - what it protects against is DNS cache posioning and the like, it will make absolutely zero difference to the multitude of phising e-mails that exist.

  12. John G Imrie

    The data center?

    Surly there should be at least one on each of the 5 major inhabitable continents as a mater of redundancy.

    1. Shane Orahilly
      Stop

      I'm sure there will be

      ...once the US is given leave to create a State on each continent. They're as likely to put that level of secure establishment outside the US as we British are to leave the Crown Jewels as a security deposit in the Bank of Zimbabwe.

  13. Yorkshirepudding
    Coat

    obligatory joke

    C:\Documents and Settings\>telnet mordor

    Connecting To mordor...Could not open connection to the host, on port 23: Connect failed

    one does not simply telnet into morder!

    1. Anonymous Coward
      Linux

      your problem there is

      Mordor uses ssh not telnet :D

      1. Pirate Dave Silver badge
        Pirate

        ssh?

        by "ssh", I'm presuming you mean "Shelob's Spider Hole" ?

  14. Tigra 07
    WTF?

    Why Gandalf?

    Why would he identify most with the old gay wizard?

    There was many other younger more vibrant people in those films and this guy chooses a decrepid old man.

    Not really the best choice is it?

    1. Richard IV
      Coat

      Here's why

      Interviewer: And how will you get to the secure US data centre?

      Kane: Fly, you fools!

    2. Anonymous Coward
      Anonymous Coward

      indeed

      If there are seven keys/rings, he should imagine himself as a dwarf.

    3. Anonymous Coward
      Anonymous Coward

      WTF ?

      Why this anti-aged rant? Are you simply jealous of of the old man's generous and rock solid pension?

      1. Tigra 07

        RE: Saggar

        Not a rant, it's called a question

        Gandalf had hardly anything to do with delivering the ring, that was the two height challenged people and their smeagle friend (who looked like an extra in the hills have eyes)

    4. Anonymous Coward
      Anonymous Coward

      Because...

      ..he can spel, and nose what grammer is?

  15. frank ly
    Stop

    Way too melodrammatic

    All this jumping onto transatlantic flights is ridiculous. All these people need to do is sent their key in an e-mail to the datacentre. Then, they do a copy/paste job and it's good to go.

    1. Anonymous Coward
      Pirate

      Re: Melodramatic

      Actually, it *is* a bit more melodramatic than that, but without all the urgency...

      The reader should be physically connected for security; you (or the card, at least) have to physically be there for it to be "read". The encryption chip being on the card itself.

      ...and just as secure as Chip & PIN, no doubt.

  16. Anonymous Coward
    Big Brother

    an alternative explanation

    > In the event of a collapse of the DNSSec system five of these holders need to travel to a secure data centre location in the US to restart the process ..

    No, no, no, from yesterdays Metro: "A new safety system has been put in place allowing much of the net to be shutdown in an emergency .."

    So you see, what's really happening here is the implementation of a system for a central authority to arbitrarily SHUT DOWN the Internet, the ultimate effect being to prevent the free flow of information.

    <insert quote from Orwell>

    1. Wommit
      Pint

      Re : an alternative explanation

      <insert quote from Orwell>

      Have you seen my glasses. Always lose the bloody things, never remember where I put them.

      </insert quote from Orwell>

  17. fixit_f
    WTF?

    So if it's 5 of the seven..

    .... and there's a Brit and perhaps somebody in Western Europe / Scandinavia, I bet the recent volcano thing and the closure of airspace gave them pause for thought about their approach.

    I understand the principles of change management, but for Christ's sake flying seven people to a datacentre with Smartcards they need to physically have with them sounds like overkill. If some of the people are in Asia / Oz and need to fly you've automatically built yourself in a good 12 hour delay before you can switch to BCP just by getting them there, that just sounds a bit daft to me. Why would you design it this way? Somebody has been watching too many Hollywood blockbusters and just thought it would be cool.

  18. ArmanX
    Joke

    What's with the keycard?

    I always thought it was one *ping* to rule them all...

    1. Sir Sham Cad

      Re: What's with the keycard?

      ...and in the darkness BIND them.

      1. Sir Sham Cad

        Of course

        It helps if you read the tagline of the article first.

        I iz stoopid.

  19. Robert Carnegie Silver badge

    Yeah, is this something to do with

    President Obama apparently being given the power to close down the Internet when the rest of the world doesn't want him to?

    Perhaps having the key holders meet at a location in the U.S. shouldn't be the only plan?

  20. Graham Marsden
    Coat

    "Fellowship of the Ring for the internet age"

    Nonsense, this is just an updating of the Seven Swords of Wayland!

    http://www.robinofsherwood.org/swords.html

  21. heyrick Silver badge

    Numpty...

    You're given a position of trust to help restore a <gasp> catastrophic failure </gasp> and what's the first thing you do? Blab.

    Way to go...

  22. Anonymous Coward
    Anonymous Coward

    Can't say I'm following all of this but

    This DNS Sec, is he related to Dalek Sec off the British TV show Doctor Who?

  23. John Savard

    The Keys Of...

    This stuff about seven keys, each one in a different location, reminds me of a story from which I had seen one episode as a young child from a famous British children's television show.

    I suppose that one could say that DNSSec controls the conscience of the Internet...

    So Mr. Kane should presumably keep an eye out for rubber-suited frogmen prepared for swimming through strong acids.

    Not Mordor... Marinus!

  24. Allan George Dyer
    Coat

    Good thing Kane identifies with Gandalf...

    It would be a concern if he identifies with Boromir, and probably a lot safer to ask his brother.

    Yep, mine's the cloak with the leaf clasp.

  25. Jemma
    FAIL

    So let me get this right....

    The governments of the world have given 7 people USB keys with the root information of the whole internet on them....

    well, It'll save the Daleks time - just sit on Virgin trains for about 3 months and you'll have the lot..

    Maggie Thatcher doing a Harriet Jones should be memorable...

  26. Cunningly Linguistic
    Paris Hilton

    Can't they just...

    ...turn the power to the Internet off and then on again?

  27. David 45

    Cue Bond theme.

    "You expect me to talk, Goldfinger?"....."No, Mr. Bond, I expect you to die". Oops, sorry, but that's the mental picture I just had after reading all this secret-squirrel stuff.

  28. Anonymous Coward
    Anonymous Coward

    But what if...

    The system wouldn't cause much trouble if it went down in it's first week of introduction, but people will gradually start building it into their programs.

    Imagine in 5 years, when a widely used library like webkit only allows programs using it to access a site by dns if it is authenticated, unless you pass it a parameter no one bothers with because every legitimate it it...

    webkit.open_connection("www.google.com")

    FAIL - DNSsec security error

    webkit.open_connection("www.goole.com", FORCE)

    OK

    Sure, this specific situation is unlikely but certainly for voip and cloud using program, this is actually pretty likely in a few years. And yeah, it would mean that the internet breaks...

  29. Dr Patrick J R Harkin

    Actually...

    Some days I think breaking the internet wouldn't be such a bad idea. We could start again, knowing all the mistakes we made last time which we couldn't fix for reasons of "backwards compatability".

    Yes, I know it's a pipe dream, but they're the best kind.

  30. Anonymous Coward
    Coat

    So if it's 5 of the seven...

    ...where's 7 of 9?

  31. WHO?!?!
    Pirate

    Dr Who anyone?

    Sounds like they got the idea from the Austa Hagen keys in Dr Who, at least these won't blow the earth up!

This topic is closed for new posts.