AOH :: ISNQ3852.HTM

Department of Homeland and Security wants master key for DNS




Department of Homeland and Security wants master key for DNS
Department of Homeland and Security wants master key for DNS



http://www.heise.de/english/newsticker/news/87655 

30.03.2007

The US Department of Homeland Security (DHS), which was created after 
the attacks on September 11, 2001 as a kind of overriding department, 
wants to have the key to sign the DNS root zone solidly in the hands of 
the US government. This ultimate master key would then allow authorities 
to track DNS Security Extensions (DNSSec) all the way back to the 
servers that represent the name system's root zone on the Internet. The 
"key-signing key" signs the zone key, which is held by VeriSign. At the 
meeting of the Internet Corporation for Assigned Names and Numbers 
(ICANN) in Lisbon, Bernard Turcotte, president of the Canadian Internet 
Registration Authority (CIRA) drew everyone's attention to this proposal 
as a representative of the national top-level domain registries 
(ccTLDs).

At the ICANN meeting, Turcotte said that the managers of country 
registries were concerned about this proposal. When contacted by heise 
online, Turcotte said that the national registries had informed their 
governmental representatives about the DHS's plans. A representative of 
the EU Commission said that the matter is being discussed with EU member 
states. DNSSec is seen as a necessary measure to keep the growing number 
of manipulations on the net under control. The DHS is itself sponsoring 
a campaign to support the implementation of DNSSec. Three of the 13 
operators currently work outside of the US, two of them in Europe. 
Lars-Johan Liman of the Swedish firm Autonomica, which operates the I 
root server, pointed out the possible political implications last year. 
Liman himself nomited ICANN as a possible candidate for the supervisory 
function.

The Internet Assigned Numbers Authority (IANA), which handles route 
management within the ICANN, could be entrusted with the task of keeping 
the keys. An ICANN/IANA solution would offer one benefit according to 
some experts: there would be no need to integrate yet another 
institution directly into operations. After all, something must be done 
quickly if there is a problem with the signature during operations. If 
the IANA retains the key, however, US authorities still have a political 
problem, for the US government still reserves the right to oversee 
ICANN/IANA. If the keys are then handed over to ICANN/IANA, there would 
be even less of an incentive to give up this role as a monitor. As a 
result, the DHS's demands will probably only heat up the debate about US 
dominance of the control of Internet resources. (Monika Ermert) 
(Craig Morris) / (jk/c't)


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods