FC: Responses to ICANN preserving Net-stability against terrorists

Bill Stewart bill.stewart at pobox.com
Wed Oct 3 19:03:11 PDT 2001 

At 06:36 PM 09/29/2001 -0400, Declan McCullagh wrote:
>[Karl is on the ICANN board of directors. --DBM]

Yes, but he's got the "Hey, how did somebody from the *public* get
one of the public slots on the board of directors?!?!?" seat
on the board, and the cabal is trying to prevent anybody like
that from actually happening again :-)


>From: Karl Auerbach <karl at cavebear.com>
>To: Declan McCullagh <declan at well.com>
>cc: <rforno at infowarrior.org>
>Subject: Re: FC: Richard Forno on ICANN and Net-stability against terrorists
>...
>I've spent a lot of time dealing with capability based operating systems
>(a technology that I believe deserves to be revived), mathematical
>expressions of security policy, formal proof of correctness of operating
>systems, real-live inplementations of secure operating systems and
>networks, cryptographic engines, key management systems, etc.
>Most of the document are buried deep in paper archives at the old National
>Bureau of Standards.  As for the software and networks: Who know where
>they might be these many years later.

The current Capability-based operating system project is
EROS, the Extremely Reliable Operating System, www.eros-os.org
(I think it's .org.  You can't just look for www.eros.com for obvious 
reasons:-)
I know it was active a year ago; not sure what they've done lately,
but the last I heard, their ringleader was at a university professorship,
so there may be grad students developing it some more,
and they were looking at making it microkernel-based.

One of the other well-known capability-based systems was KeyKOS;
some of the main folks from that are at Agorics.com.


>And let's put things in perspective.  What we're going to be doing is
>looking at many non-technical protections, like making sure that there are
>sufficient backups and procedures so that DNS infrastructure can be 
>repaired.

There are three or four main kinds of attacks/failures for the domain system -
- Failures/Attacks on the servers themselves
- Attacks on the data transmission - various technical attacks such as
         spoofing DNS requests, adding extra records to responses, etc.
         DNSSEC and similar kinds of authentication are important for 
preventing these.
- Attacks on the data, e.g. forged change requests - that's another very strong
         reason for authentication technology, whether it's PGP or dumb 
passwords.
- Social engineering attacks on the system, such as UDRP abuse by trademark 
holders
         trying to reverse-cybersquat, as well as cybersquatting abuses,
         and delaying the extra TLDs.

James Love <love at cptech.org> suggests:
>Can we spell, mission creep?

Depends on what you think their original mission was :-)
If your initial goal is World Domination, mission creep's no problem...
I've been especially concerned with their grab of the IPv6 numberspace
and the price-fixing that's prevented almost anyone from buying it.

> From today's WSJ
>
>http://interactive.wsj.com/articles/SB1001643073146154880.htm
>Some of these computers, such as the primary "A" root server in northern
>Virginia, operate within secure buildings, but others are far less
>protected. When congressional auditors recently checked the security
>surrounding them, "one of them was sitting in a professor's office at the
>University of Maryland," says Keith Rhodes of the General Accounting Office.
>"I would worry."

There was a while that MAE-East was in a parking garage in Maryland,
with not much more than chain-link fence for protection.

More information about the cypherpunks-legacy mailing list