[LACNIC/Seguridad] Fwd: Re: Montevideo statement
Andres Piazza
andres en lacnic.net
Mar Oct 8 12:15:14 BRT 2013
Fernando, pongo un poco de contexto a esas opiniones.
Se refieren a la Declaración de Montevideo. Aquí en 3 idiomas:
(English Below)
(Portugues Abaixo)
*
d***
*Declaración de Montevideo sobre el futuro de la cooperación en internet*
http://www.lacnic.net/web/anuncios/2013-declaracion-montevideo
-----
*
Montevideo Statement on the future of Internet Cooperation *
http://www.lacnic.net/en/web/anuncios/2013-declaracion-montevideo
----
*
*
*Declaração de Montevidéu sobre o futuro da cooperação na Internet*
http://www.lacnic.net/pt/web/anuncios/2013-declaracion-montevideo
Andrés
On 10/8/13 1:10 PM, Fernando Gont wrote:
> FYI
>
>
> -------- Original Message --------
> Subject: Re: Montevideo statement
> Date: Tue, 8 Oct 2013 09:19:35 -0400
> From: Phillip Hallam-Baker <hallam en gmail.com>
> To: manning bill <bmanning en isi.edu>
> CC: IETF Discussion Mailing List <ietf en ietf.org>
>
>
>
>
>
>
> On Tue, Oct 8, 2013 at 8:53 AM, manning bill <bmanning en isi.edu
> <mailto:bmanning en isi.edu>> wrote:
>
> >
> >
> > I think the US executive branch would be better rid of the
> control before the vandals work out how to use it for mischief.
> But better would be to ensure that no such leverage exists. There
> is no reason for the apex of the DNS to be a single root, it could
> be signed by a quorum of signers (in addition to the key splitting
> which I am fully familiar with). And every government should be
> assigned a sovereign reserve of IPv6 addresses to prevent a
> scarcity being used as leverage.
> >
> > --
> > Website: http://hallambaker.com/
>
> Quorum signing with split keys was already built and
> tested in a root server operator testbed (the OTDR testbed) from
> 1998-2005. It was considered more fragile than the current system.
>
>
> Considered more fragile by whom?
>
> By the members of the $250m/yr NSA mole program?
>
>
> Very few people in DNS land recognize the class of attack as being
> realistic. Even when they have prime ministers and members of the GRU
> visiting them to tell them how important the issue is to their country.
>
> We already have one example of lobbyists attempting this type of
> attack (see Martin's post). So it is far from unrealistic.
>
>
> At present ICANN's power over the DNS is entirely discretionary.
> Attempting to drop Palestine out of the routing tables would simply be
> the end of the ICANN root zone. ICANN could continue to manage .com
> but their influence over the rest of the system would end completely.
>
> But DNSSEC changes the balance of power. With the root signed and
> embedded infrastructure verifying DNSSEC trust chains, the cost of a
> switchover rises remarkably. And when I tried to mention the fact I
> tended to get nasty threats.
>
> The third question of power is 'how do we get rid of you'. The answer
> in the case of DNSSEC is that you can't.
>
>
> Fortunately the issue is quite easily fixed, just as the problem of
> using IPv6 or BGP allocations for leverage is fixable. Governments
> don't need to wait on ICANN or the IETF to develop a quorum signing
> model for the DNS apex, they could and should institute one themselves
> and tell their infrastructure providers to chain to the quorum roots
> rather than the monolithic apex root.
>
>
> --
> Website: http://hallambaker.com/
>
>
>
> --
> Fernando Gont
> e-mail:fernando en gont.com.ar ||fgont en si6networks.com
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
>
>
>
>
>
> _______________________________________________
> Seguridad mailing list
> Seguridad en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/seguridad
--
Embedded Image
*Andrés Piazza*
Responsable de Relaciones Externas
Public Affairs Officer
*# 4202*
Embedded Image
*Casa de Internet de
Latinoamérica y el Caribe*
Rambla Rep. de México 6125
11400 Montevideo-Uruguay
+598 2604 22 22 www.lacnic.net <http://www.lacnic.net>
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/seguridad/attachments/20131008/353cd8b8/attachment.html>
------------ próxima parte ------------
A non-text attachment was scrubbed...
Name: ciabcgja.png
Type: image/png
Size: 5596 bytes
Desc: no disponible
URL: <https://mail.lacnic.net/pipermail/seguridad/attachments/20131008/353cd8b8/attachment.png>
------------ próxima parte ------------
A non-text attachment was scrubbed...
Name: ffcajajf.png
Type: image/png
Size: 6279 bytes
Desc: no disponible
URL: <https://mail.lacnic.net/pipermail/seguridad/attachments/20131008/353cd8b8/attachment-0001.png>
Más información sobre la lista de distribución Seguridad