DHS demand for DNS master key alarms nations
Published on Monday, April 02, 2007.
Source: Daily KOS
Slashdot and Cryptome report that the U.S. Department of Homeland Security (DHS) is demanding the master key for the DNS root zone – a demand that has other nations alarmed. With the master key, DHS would have control over the Internet, as Slashdot describes, quoting an “anonymous reader.”
The key will play an important role in the new DNSSec security extension, because it will make spoofing IP-addresses impossible. By forcing the IANA [Internet Assigned Numbers Authority] to hand out a copy of the master key, the US government will be the only institution that is able to spoof IP addresses and be able to break into computers connected to the Internet without much effort.
The issue arose at Friday’s meeting of the Internet Corporation for Assigned Names and Numbers (ICANN) in Lisbon, Portugal.
* Deep Harm’s diary:: ::
There is no indication yet that U.S. mainstream news media have reported on the DHS proposal. U.S. coverage of the ICANN meeting focused (predictably) on a proposal to create a domain specifically for adult websites. Cryptome cites a German news source, Heisse Online, which provides the following information.
The US Department of Homeland Security (DHS)…wants to have the key to sign the DNS root zone solidly in the hands of the US government. This ultimate master key would then allow authorities to track DNS Security Extensions (DNSSec) all the way back to the servers that represent the name system’s root zone on the Internet. The “key-signing key” signs the zone key, which is held by VeriSign. At the meeting of the Internet Corporation for Assigned Names and Numbers (ICANN) in Lisbon, Bernard Turcotte, president of the Canadian Internet Registration Authority (CIRA) drew everyone’s attention to this proposal as a representative of the national top-level domain registries (ccTLDs).
At the ICANN meeting, Turcotte said that the managers of country registries were concerned about this proposal. When contacted by heise online, Turcotte said that the national registries had informed their governmental representatives about the DHS’s plans. A representative of the EU Commission said that the matter is being discussed with EU member states. DNSSec is seen as a necessary measure to keep the growing number of manipulations on the net under control. The DHS is itself sponsoring a campaign to support the implementation of DNSSec. Three of the 13 operators currently work outside of the US, two of them in Europe. Lars-Johan Liman of the Swedish firm Autonomica, which operates the I root server, pointed out the possible political implications last year. Liman himself nominated ICANN as a possible candidate for the supervisory function.
When other nations are worried, Americans, too, should be concerned. The Bush administration has demonstrated that it is unable to wield power responsibly. Therefore, its demand for Internet control should be viewed as an opportunity to abuse its authority to control a medium that has played a critical role in holding it accountable.