The threat to national security or delirium paranoid?
Kind time of day, Dear Habrayuzer.
I want to share with you my thoughts on the DNS SEC or, to put it in words of a more secure version of the DNS protocol, which, according to its developers, will reduce the number of phishing attacks with the substitution of a DNS server, make it impossible to fake DNS answers well and generally make the Internet safer.
I will not get into technical details, since there are more questions than answers for myself, but the main difference between the DNS SEC and the usual DNS is that the DNS SEC involves signing requests from the client to the DNS server and signing responses from the DNS server to the client.
(under the word signature - it means a digital signature). It seems that everything is cool and logical, to really forge requests / responses between the client and the server will become almost impossible.
And if the Internet were as free and friendly, without policies and attempts to divide spheres of influence and restrictions on access to information, then this would be a great idea that really made networking more secure.
')
However, in view of the fact that each state is trying to control the users of its country, and is looking for leverage on its neighbors on the planet, in this situation the question arises: And who will be the key keeper?
After all, a digital signature implies a certification authority that will issue certificates, check their validity and store lists of revoked certificates. This means that the organization that will be responsible for the certificate authority will have the power to disconnect each user, each network node from DNS service just by revoking the certificate. It seems that the network itself does not collapse from this, everything will work, but for most ordinary users, disabling DNS means disabling the Internet.
At the moment there is a discussion to give the role of a key to the organization ICANN, which is controlled by the US government. Consequently, the United States will be able to control who can share information on the network and who does not. By withdrawing just one or two certificates, you can isolate the whole country.
Now the outcome of the war is decided by the information, remember the example of Georgia.
From what the conclusion suggests itself: by implementing this DNS SEC, the USA will receive a very powerful lever of pressure on other countries.
PS Maybe I am aggravating the situation, but it seems to me exactly that.
I want to share with you my thoughts on the DNS SEC or, to put it in words of a more secure version of the DNS protocol, which, according to its developers, will reduce the number of phishing attacks with the substitution of a DNS server, make it impossible to fake DNS answers well and generally make the Internet safer.
I will not get into technical details, since there are more questions than answers for myself, but the main difference between the DNS SEC and the usual DNS is that the DNS SEC involves signing requests from the client to the DNS server and signing responses from the DNS server to the client.
(under the word signature - it means a digital signature). It seems that everything is cool and logical, to really forge requests / responses between the client and the server will become almost impossible.
And if the Internet were as free and friendly, without policies and attempts to divide spheres of influence and restrictions on access to information, then this would be a great idea that really made networking more secure.
')
However, in view of the fact that each state is trying to control the users of its country, and is looking for leverage on its neighbors on the planet, in this situation the question arises: And who will be the key keeper?
After all, a digital signature implies a certification authority that will issue certificates, check their validity and store lists of revoked certificates. This means that the organization that will be responsible for the certificate authority will have the power to disconnect each user, each network node from DNS service just by revoking the certificate. It seems that the network itself does not collapse from this, everything will work, but for most ordinary users, disabling DNS means disabling the Internet.
At the moment there is a discussion to give the role of a key to the organization ICANN, which is controlled by the US government. Consequently, the United States will be able to control who can share information on the network and who does not. By withdrawing just one or two certificates, you can isolate the whole country.
Now the outcome of the war is decided by the information, remember the example of Georgia.
From what the conclusion suggests itself: by implementing this DNS SEC, the USA will receive a very powerful lever of pressure on other countries.
PS Maybe I am aggravating the situation, but it seems to me exactly that.
Source: https://habr.com/ru/post/95870/
All Articles