Given that DHS has consistently received failing grades for "cybersecurity" (I know, I know, they FINALLY received a barely non-failing grade), how could anyone think it would be a good idea to put them in charge of DNS security? DHS in charge of cybersecurity is like FEMA in charge of emergency response in New Orleans. The job might get done eventually, but what kind of destruction will be left in its wake?
By Svein SkogenPosted Saturday 14th April 2007 13:56 GMT
The problem here, is that the Department of Homeland Stupidity doesn't really know what those keys are, but they heard the word "keys", and naturally they want them.
What it more worrisome, is that this organization (who has only NOW gotten it's first ever non-flunk grade on a FISMA audit), quite clearly does not have anything NEAR the IS/IT security systems that are needed for management of these keys.
What is even more worrisome, is that the Deparment of Homeland Stupidity quite clearly doesn't understand that International (as the Internet today is), means more than 50 states. I'm afraid that if this move is completed, then we will see another case where every government on the planet mandates their own security keys standard, instead of having a simple, global standard.
Now, I see several solutions for this problem, ranking from a simple "no, you can't have them" up onto "no, you can't have them because your ridiculous it standards make you a liability to the internet itself, and you are about to get disconnected for this very reason".
If these keys are to be handled by a central political power, the correct place for them would be the UN. Not, I repeat NOT the United States of America's "Department of Homeland Stupidity".
By Walter BrownPosted Sunday 15th April 2007 19:45 GMT
I mostly agree with your statements about how the keys and how DHS itself should be handled, except for one part, the part about the U.N. having or controlling, or even knowing these keys exist. the memories of the critically acclaimed food for oil scandal is still too fresh in my memory to trust the U.N. with anything, especially something as crucial as DNSSEC encryption keys... tomorrows headlines will read:
U.N. secretary general's son indicted for selling vital root server encryption information to random hackers around the world!
and remember, you cant spell UNethical without U.N.
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive
Comments on: ICANN board member berates 'woefully unprepared' DHS
DHS in charge of security? Scary... #
By Chris Posted Saturday 14th April 2007 03:47 GMT
Not sure what those keys are, but WE WANT'EM #
By Svein Skogen Posted Saturday 14th April 2007 13:56 GMT
Well... #
By Walter Brown Posted Sunday 15th April 2007 19:45 GMT