[Infowarrior] - DHS wants master key for DNS

Fri Mar 30 13:02:40 UTC 2007

Department of Homeland and Security wants master key for DNS

http://www.heise.de/english/newsticker/news/87655

The US Department of Homeland Security (DHS), which was created after the
attacks on September 11, 2001 as a kind of overriding department, wants to
have the key to sign the DNS root zone solidly in the hands of the US
government. This ultimate master key would then allow authorities to track
DNS Security Extensions (DNSSec) all the way back to the servers that
represent the name system's root zone on the Internet. The "key-signing key"
signs the zone key, which is held by VeriSign. At the meeting of the
Internet Corporation for Assigned Names and Numbers (ICANN) in Lisbon,
Bernard Turcotte, president of the Canadian Internet Registration Authority
(CIRA) drew everyone's attention to this proposal as a representative of the
national top-level domain registries (ccTLDs).

At the ICANN meeting, Turcotte said that the managers of country registries
were concerned about this proposal. When contacted by heise online, Turcotte
said that the national registries had informed their governmental
representatives about the DHS's plans. A representative of the EU Commission
said that the matter is being discussed with EU member states. DNSSec is
seen as a necessary measure to keep the growing number of manipulations on
the net under control. The DHS is itself sponsoring a campaign to support
the implementation of DNSSec. Three of the 13 operators currently work
outside of the US, two of them in Europe. Lars-Johan Liman of the Swedish
firm Autonomica, which operates the I root server, pointed out the possible
political implications last year. Liman himself nomited ICANN as a possible
candidate for the supervisory function.

The Internet Assigned Numbers Authority (IANA), which handles route
management within the ICANN, could be entrusted with the task of keeping the
keys. An ICANN/IANA solution would offer one benefit according to some
experts: there would be no need to integrate yet another institution
directly into operations. After all, something must be done quickly if there
is a problem with the signature during operations. If the IANA retains the
key, however, US authorities still have a political problem, for the US
government still reserves the right to oversee ICANN/IANA. If the keys are
then handed over to ICANN/IANA, there would be even less of an incentive to
give up this role as a monitor. As a result, the DHS's demands will probably
only heat up the debate about US dominance of the control of Internet
resources. (Monika Ermert) (Craig Morris) / (jk/c't) 