[LACNIC/Seguridad] Fwd: Re: Montevideo statement

Arturo Servin aservin en lacnic.net
Mar Oct 8 16:13:09 BRT 2013 

	Una declaración muy importante por el diálogo y consenso entre las
organizaciones firmantes, y claro, porque se escribió en Latino América.

Slds
as

On 10/8/13 1:15 PM, Andres Piazza wrote:
> Fernando, pongo un poco de contexto a esas opiniones.
> 
> Se refieren a la Declaración de Montevideo. Aquí en 3 idiomas:
> 
> (English Below)
> (Portugues Abaixo)
> 
> *
> d***
> *Declaración de Montevideo sobre el futuro de la cooperación en internet*
> 
> 
> http://www.lacnic.net/web/anuncios/2013-declaracion-montevideo
> 
> 
> -----
> *
> Montevideo Statement on the future of Internet Cooperation *
> 
> http://www.lacnic.net/en/web/anuncios/2013-declaracion-montevideo
> 
> 
> ----
> 
> *
> *
> 
> *Declaração de Montevidéu sobre o futuro da cooperação na Internet*
> 
> 
> http://www.lacnic.net/pt/web/anuncios/2013-declaracion-montevideo
> 
> 
> Andrés
> 
> On 10/8/13 1:10 PM, Fernando Gont wrote:
>> FYI
>>
>>
>> -------- Original Message --------
>> Subject: 	Re: Montevideo statement
>> Date: 	Tue, 8 Oct 2013 09:19:35 -0400
>> From: 	Phillip Hallam-Baker <hallam en gmail.com>
>> To: 	manning bill <bmanning en isi.edu>
>> CC: 	IETF Discussion Mailing List <ietf en ietf.org>
>>
>>
>>
>>
>>
>>
>> On Tue, Oct 8, 2013 at 8:53 AM, manning bill <bmanning en isi.edu
>> <mailto:bmanning en isi.edu>> wrote:
>>
>>     >
>>     >
>>     > I think the US executive branch would be better rid of the
>>     control before the vandals work out how to use it for mischief.
>>     But better would be to ensure that no such leverage exists. There
>>     is no reason for the apex of the DNS to be a single root, it could
>>     be signed by a quorum of signers (in addition to the key splitting
>>     which I am fully familiar with). And every government should be
>>     assigned a sovereign reserve of IPv6 addresses to prevent a
>>     scarcity being used as leverage.
>>     >
>>     > --
>>     > Website: http://hallambaker.com/
>>
>>             Quorum signing with split keys  was already built and
>>     tested in a root server operator testbed (the OTDR testbed) from
>>     1998-2005.  It was considered more fragile than the current system.
>>
>>
>> Considered more fragile by whom?
>>
>> By the members of the $250m/yr NSA mole program?
>>
>>
>> Very few people in DNS land recognize the class of attack as being
>> realistic. Even when they have prime ministers and members of the GRU
>> visiting them to tell them how important the issue is to their country.
>>
>> We already have one example of lobbyists attempting this type of
>> attack (see Martin's post). So it is far from unrealistic. 
>>
>>
>> At present ICANN's power over the DNS is entirely discretionary.
>> Attempting to drop Palestine out of the routing tables would simply be
>> the end of the ICANN root zone. ICANN could continue to manage .com
>> but their influence over the rest of the system would end completely.
>>
>> But DNSSEC changes the balance of power. With the root signed and
>> embedded infrastructure verifying DNSSEC trust chains, the cost of a
>> switchover rises remarkably. And when I tried to mention the fact I
>> tended to get nasty threats.
>>
>> The third question of power is 'how do we get rid of you'. The answer
>> in the case of DNSSEC is that you can't. 
>>
>>
>> Fortunately the issue is quite easily fixed, just as the problem of
>> using IPv6 or BGP allocations for leverage is fixable. Governments
>> don't need to wait on ICANN or the IETF to develop a quorum signing
>> model for the DNS apex, they could and should institute one themselves
>> and tell their infrastructure providers to chain to the quorum roots
>> rather than the monolithic apex root.
>>
>>
>> -- 
>> Website: http://hallambaker.com/
>>
>>
>>
>> -- 
>> Fernando Gont
>> e-mail: fernando en gont.com.ar || fgont en si6networks.com
>> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
>>
>>
>>
>>
>>
>> _______________________________________________
>> Seguridad mailing list
>> Seguridad en lacnic.net
>> https://mail.lacnic.net/mailman/listinfo/seguridad
> 
> 
> -- 
> Embedded Image
> *Andrés Piazza*
> Responsable de Relaciones Externas
> Public Affairs Officer
> *# 4202*
> Embedded Image
> *Casa de Internet de
> Latinoamérica y el Caribe*
> Rambla Rep. de México 6125
> 11400 Montevideo-Uruguay
> +598 2604 22 22 www.lacnic.net <http://www.lacnic.net>
> 
> 
> _______________________________________________
> Seguridad mailing list
> Seguridad en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/seguridad
>

Más información sobre la lista de distribución Seguridad