The Magnificent Seven

They were seven – And they fought like seven hundred!

With less than a week to go before the opening of ICANN's DNSSEC root key generation ceremony, there is a roaring debate occurring among the technical community whether or not the list of Trusted Community Representatives (TCRs) should be publicly revealed in advance. The TCRs were selected by ICANN to participate in the generation of the keys that will be used to digitally sign the DNS root zone file keyset, providing a single trust anchor for authenticating a global, secure DNS.

On one side of the corral, ICANN's Joe Abley defends the choice, stating the intention of not revealing the identities of the TCRs in advance is:

to reduce the chance of pressure or influence being brought to bear against the volunteers. After the first ceremony the identities are all public anyway (as part of the full disclosure of audit materials).

To what ends, this pressure or influence that ICANN fears? The thread descends quite quickly into the absurd, revolving around obscure crypto attacks, obtuse Indiana Jones references (involving Nazis, of course, ala Godwin) and tin foil hats. On the other side of the corral, Nominet's Roy Arends, one of the principal architects and ardent supporter of DNSSEC, who states:

If the list is not controversial, I see no reason to keep it under the hat. The reasons for keeping it secret are very minor, let alone valid (if not thought off in hindsight bias), so I guess next week, we'll see who's on the list, and thus why the secrecy. Keep in mind that these are trusted community representatives…I have acted as a reference for some [TCRs], solely because I trust these people blindly and I think they are able to represent the community well. They are on the list. Now I want to see the rest.

The problem that Arends alludes to is that there was no external vetting of the TCRs in the selection process. In an attempt to defuse this, Abley noted that all five RIR service regions were represented in ICANN's TCR solicitation process, and that the requirement for geographic diversity was applied in selection.

However, this dodges the problem. Given that the key generation protocol requires 3 of 7 Crypto Officers to generate a valid key for signing the root, it is quite possible under extraordinary circumstances for 3 individuals who might not have the trust of the global Internet community to generate a key and sign the root zone keyset. This is why diversity in the composition of and trust in all of the TCRs is so important. (we pointed out a similar flaw in VeriSign's root signing proposal last year in our comments to the DoC) So far, a handful of members of the technical community have voluntarily identified themselves as likely East Coast TCR Crypto Officers, including Anne-Marie Eklund Löwinder, Robert Seastrom, Olaf Kolkman and Ólafur Guðmundsson (a designated backup). That leaves four.

It all makes you wonder if ICANN is either brilliant, naive, or something else. Even though widely liberalized in the 1990s, nation-states remain sensitive to crypto's application to communications network infrastructure. ICANN would be wise to avoid that influence. Claiming “regional” TCRs is a useful tactic for avoiding influence of the nation-state. But, depending on the final composition of the magnificent seven, it could be a way for one nation-state to, under extraordinary circumstances, maintain control of infrastructure critical to the global DNS. And that is why it would have been prudent for the Internet community to actually vet the TCRs in advance.

16 comments

  1. Anonymous

    Head on over to the IETF Corral where sage John
    Klensin has explained why all this is theater.
    ISPs do not use DNSSEC-laden feeds and people
    with SOHO routers (DNSMASQ) certainly do not.
    The ICANN CEO was tossed out of the Dept. of
    Homeland Security when people discovered he
    is NOT a Security Expert. Now we see he Knows
    Security Experts. It is not what you know but
    WHO you know. That has been ICANN from
    square one.
    The industry is routing around ISOC and ICANN.
    You can be suckered by their theater or get a
    real life.

  2. Anonymous

    META ICANN has Arrived
    META ICANN – The Study of (The Study of ICANN)
    A. Mike Palage writes a GREAT post.
    http://www.circleid.com/posts/icann_reloaded_will_they_ever_learn/
    B. ICANN paid shills debunk the post
    C. Is this more Fabricated Theater leading up
    to the next ICANN Love-Fest in Europe ?
    [Note: Stuart Lynn said in a public speech that
    as CEO he was instructed by Mike Roberts to
    “stir up controversy” just prior to big meetings.]

  3. Anonymous

    Your link to the “roaring debate” appears to be broken — could you please update the link to reflect the mailing list archives where this debate is taking place? Thanks.

  4. Anonymous

    NANOG49 Attendee List
    There are 560 registered attendees.
    ALL 7 of the Magnificent.Seven are on the list!!!
    New.NOG to become the new IANA ?
    “They were seven – And they fought like seven hundred!”
    The Dirty Dozen are also headed to NANOG.49

  5. Anonymous

    SWAP for the SWAMP ?
    Deal ? ARIN funds NewNOG and the SWAMP /8s
    eventually slither over to NewNOG ?
    Billion dollar assets flowing between Non-Profits?
    Pay no attention to those Shells and the little Ball.

  6. Anonymous

    SWAP for the SWAMP ?
    Deal ? ARIN funds NewNOG and the SWAMP /8s
    eventually slither over to NewNOG ?
    Billion dollar assets flowing between Non-Profits?
    Pay no attention to those Shells and the little Ball.

  7. Anonymous

    DNSSEC [Theater] Misleads General Public
    Many people (domainers) think that DNSSEC is
    a system to Secure THEIR Registrations from
    theft.
    Ironic, it has been ICANN Policies that have
    caused (assisted) with domain theft. UDRP and
    the Lax Reseller policies are two examples.
    People lost domains in the RegisterFly Reseller
    debacle when ENOM locked them out.
    Back to DNSSEC: It makes no sense to the
    general public. You have a Root Zone of Hints
    which is only useful if widely communicated.
    So, you lock it up and protect the contents ?
    No, the contents are protected to make sure
    there is only ONE correct answer. Prior to DNSSEC
    that was easy to determine by asking several
    sources for hints. One could compare the results.
    DNSSEC solves a problem which did not exist.
    Working down the DNS tree, the system of asking
    for several opinions scales more easily. ICANN
    is creating a system that uses HUMANS as the
    opinion-holders. That is inefficient, prone to error,
    and laden with the Face-to-Face world of ICANN.
    Mammal-to-Mammal: It may make for great
    THEATER but it is silly and shows how misguided
    ICANN is, especially in Internet Security.
    Insert [Video] – 60 Minutes on Cyber Security

  8. Anonymous

    Players with their check books are NOT on the Attendee List.
    Follow the money and the IANA /8s