You are Here:
Internet's safe-keepers forced to postpone crucial DNSSEC root key ceremony. OIK

Author (Read 14396 times)

0 Members and 2 Guests are viewing this topic.

 

Ye Olde Powder Monkey

  • Sr. InfoWarrior
  • ****
  • 344
    Posts
  • Battling the soul-less minions of orthodoxy.
    • Flying Monkeys Denied DOT COM
Online security process stalled by offline security screw-up
https://theregister.co.uk/2020/02/13/iana_dnssec_ksk_delay/
By Kieren McCarthy in San Francisco 13 Feb 2020 at 06:09

"Only specific named people are allowed to take part in the ceremony, and they have to pass through several layers of security – including doors that can only be opened through fingerprint and retinal scans – before getting in the room where the ceremony takes place.



Staff open up two safes, each roughly one-metre across. One contains a hardware security module that contains the private portion of the KSK. The module is activated, allowing the KSK private key to sign keys, using smart cards assigned to the ceremony participants. These credentials are stored in deposit boxes and tamper-proof bags in the second safe. Each step is checked by everyone else, and the event is livestreamed. Once the ceremony is complete – which takes a few hours – all the pieces are separated, sealed, and put back in the safes inside the secure facility, and everyone leaves."


Well, it's got the making of a good tale. Without Jason wanker bourne or James 001¼ it'll never sell.
Now back to Moonbase where we've got some real kinky babes wearing only Mini-Skirts & Loincloths.



Last Edit by Gladstone
Cpt's Log; 14.44 BST. 19 April, 2020: "I just day-dreamed a ramming incident.
An unusual dream indeed, as the ship I rammed belonged to The Vulcans.
I shall now walk onto their bridge and inspect all round for damage."
 

 

tahoeblue

  • Mega InfoWarrior
  • *****
  • 1415
    Posts
Geez ... nice find .. root key security ... hmmm  Anyone who copied the private key would be able to ? Any Chinese in the ceremony ?
The module is activated, allowing the KSK private key to sign keys



Last Edit by Gladstone
 

 

Powered by EzPortal