Mr. Oquendo (I presume "Mr." but if it's "Ms." please accept my
apologies...), it appears that there is little common ground between you and
me. So, rather than stringing this out for the next several days and boring
everybody else to tears, I will say thanks for the "chat" and I look forward
to continuing this in person over a beer or other libation at some future
gathering.
Marc
-----Original Message-----
From: J. Oquendo [mailto:[email protected]]
Sent: Tuesday, April 24, 2007 9:58 AM
To: Marcus H. Sachs
Cc: [email protected]
Subject: Re: IP Block 99/8 (DHS insanity - offtopic)
Alrighty... Since you pointed out this article I already read.
// QUOTE //
"This is the U.S. government stepping forward and showing leadership,"
Douglas Maughan, an official with the Department of Homeland Security's
Science and Technology Directorate, told United Press International.
// END //
Strong leadership? What are they implying they will lead. They can't even
lead their own security issues and I've yet to see anything on GCN, FCW
implying that mil or gov servers had their DNS servers hijacked. So what is
proposed that they will lead?
// MORE //
The DNS Security Extensions Protocol, or DNSSec, is designed to end such
abuse by allowing the instantaneous authentication of DNS information --
effectively creating a series of digital keys for the system.
One lingering question -- largely academic until now -- has been who should
hold the key for the so-called DNS Root Zone, the part of the system that
sits above the so-called Top Level Domains, like .com and .org.
...
The draft lays out a series of options for who could be the holder, or
"operator," of the Root Zone Key, essentially boiling down to a governmental
agency or a contractor.
// END //
You mean like Verisign? Why should the US handpick a company or one of their
contractors to manage this. You're implying that a PRIVATE CORPORATION would
never follow the will of the one feeding it... I could as could anyone else
point out the systemic abuse that would follow. One would have to be
ignorant to ignore the potential for abuse not solely from a government
whispering sweet nothings in the ear for sake of perhaps censorship, but
what about the private abuse... No form of oversight other than the US and
our Department of Terrorism and Paranoia Security are mentioned.
// QUOTED //
"Nowhere in the document do we make any proposal about the identity of the
Root Key Operator," said Maughan, the cyber-security research and
development manager for Homeland Security.
// END QUOTE//
Uh... In the same article it states "The draft lays out a series of options
for who could be the holder, or "operator," of the Root Zone Key,
essentially boiling down to a governmental agency or a contractor." Yet here
is Maughan stating "Oh no... DHS and the US government won't pick who holds
keys..."
// QUOTE //
"The Root Key Operator is going to be in a highly trusted position. It's
going to be a highly trusted entity. The idea that anyone in that position
would abuse it to spoof addresses is just silly."
// END //
The idea that it has a huge potential for abuse is not silly. I can see
where some would be either too good hearted to take heed to common logic,
but the potential for abuse is right smack dab in anyone's face. You pointed
out the article Mr. Sachs, so please explain to me how you can now come back
and state "But the DHS has no intention on controlling the key... Sure they
intend on handpicking who does, but that doesn't mean said company will not
follow what it is mandated to do by US government, nor will said company
abuse it on their own."
I can point out hundreds of contractors with the government who so blatantly
con the government and circumvent laws. But that would be geared towards a
political mailing list, not this one.
So if we're to stick to the facts, getting the gist out of the article you
chose... You just re-confirmed the US government's underlying desire to
somehow control the root keys...
--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
echo infiltrated.net|sed 's/^/[email protected]/g'
"Wise men talk because they have something to say; fools, because they have
to say something." -- Plato