[LACNIC/Seguridad] Fwd: Re: Montevideo statement

Andres Piazza andres en lacnic.net
Mar Oct 8 12:15:14 BRT 2013


Fernando, pongo un poco de contexto a esas opiniones.

Se refieren a la Declaración de Montevideo. Aquí en 3 idiomas:

(English Below)
(Portugues Abaixo)

*
d***
*Declaración de Montevideo sobre el futuro de la cooperación en internet*


http://www.lacnic.net/web/anuncios/2013-declaracion-montevideo


-----
*
Montevideo Statement on the future of Internet Cooperation *

http://www.lacnic.net/en/web/anuncios/2013-declaracion-montevideo


----

*
*

*Declaração de Montevidéu sobre o futuro da cooperação na Internet*


http://www.lacnic.net/pt/web/anuncios/2013-declaracion-montevideo


Andrés

On 10/8/13 1:10 PM, Fernando Gont wrote:
> FYI
>
>
> -------- Original Message --------
> Subject: 	Re: Montevideo statement
> Date: 	Tue, 8 Oct 2013 09:19:35 -0400
> From: 	Phillip Hallam-Baker <hallam en gmail.com>
> To: 	manning bill <bmanning en isi.edu>
> CC: 	IETF Discussion Mailing List <ietf en ietf.org>
>
>
>
>
>
>
> On Tue, Oct 8, 2013 at 8:53 AM, manning bill <bmanning en isi.edu 
> <mailto:bmanning en isi.edu>> wrote:
>
>     >
>     >
>     > I think the US executive branch would be better rid of the
>     control before the vandals work out how to use it for mischief.
>     But better would be to ensure that no such leverage exists. There
>     is no reason for the apex of the DNS to be a single root, it could
>     be signed by a quorum of signers (in addition to the key splitting
>     which I am fully familiar with). And every government should be
>     assigned a sovereign reserve of IPv6 addresses to prevent a
>     scarcity being used as leverage.
>     >
>     > --
>     > Website: http://hallambaker.com/
>
>             Quorum signing with split keys  was already built and
>     tested in a root server operator testbed (the OTDR testbed) from
>     1998-2005.  It was considered more fragile than the current system.
>
>
> Considered more fragile by whom?
>
> By the members of the $250m/yr NSA mole program?
>
>
> Very few people in DNS land recognize the class of attack as being 
> realistic. Even when they have prime ministers and members of the GRU 
> visiting them to tell them how important the issue is to their country.
>
> We already have one example of lobbyists attempting this type of 
> attack (see Martin's post). So it is far from unrealistic.
>
>
> At present ICANN's power over the DNS is entirely discretionary. 
> Attempting to drop Palestine out of the routing tables would simply be 
> the end of the ICANN root zone. ICANN could continue to manage .com 
> but their influence over the rest of the system would end completely.
>
> But DNSSEC changes the balance of power. With the root signed and 
> embedded infrastructure verifying DNSSEC trust chains, the cost of a 
> switchover rises remarkably. And when I tried to mention the fact I 
> tended to get nasty threats.
>
> The third question of power is 'how do we get rid of you'. The answer 
> in the case of DNSSEC is that you can't.
>
>
> Fortunately the issue is quite easily fixed, just as the problem of 
> using IPv6 or BGP allocations for leverage is fixable. Governments 
> don't need to wait on ICANN or the IETF to develop a quorum signing 
> model for the DNS apex, they could and should institute one themselves 
> and tell their infrastructure providers to chain to the quorum roots 
> rather than the monolithic apex root.
>
>
> -- 
> Website: http://hallambaker.com/
>
>
>
> -- 
> Fernando Gont
> e-mail:fernando en gont.com.ar  ||fgont en si6networks.com
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
>
>
>
>
>
> _______________________________________________
> Seguridad mailing list
> Seguridad en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/seguridad


-- 
Embedded Image
*Andrés Piazza*
Responsable de Relaciones Externas
Public Affairs Officer
*# 4202*
Embedded Image
*Casa de Internet de
Latinoamérica y el Caribe*
Rambla Rep. de México 6125
11400 Montevideo-Uruguay
+598 2604 22 22 www.lacnic.net <http://www.lacnic.net>
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/seguridad/attachments/20131008/353cd8b8/attachment.html>
------------ próxima parte ------------
A non-text attachment was scrubbed...
Name: ciabcgja.png
Type: image/png
Size: 5596 bytes
Desc: no disponible
URL: <https://mail.lacnic.net/pipermail/seguridad/attachments/20131008/353cd8b8/attachment.png>
------------ próxima parte ------------
A non-text attachment was scrubbed...
Name: ffcajajf.png
Type: image/png
Size: 6279 bytes
Desc: no disponible
URL: <https://mail.lacnic.net/pipermail/seguridad/attachments/20131008/353cd8b8/attachment-0001.png>


Más información sobre la lista de distribución Seguridad