[AusNOG] Trusted Community Representatives

Steve Lisson SteveL at dedicatedservers.net.au
Sat Apr 17 00:39:31 EST 2010


Hi,

Sent Sean a private email about that (and a couple of other things we
are discussing like IPv6), private keys are something that need to be
kept secure but definitely illustrates your point, most people don't
understand exactly what it is nor why it is important and educating us
all, including myself, about it. 

My main reason for trying to get discussion about it as I see this as
just one of many areas where key management is going to become
exceedingly important and we do need to show that this sort of system
with TCR's does work and is of vital importance of every
community/country of the world.

I am sure that I will some day apply for something similar to this in an
area where I am much more competent.

I would love to do a presentation at Ausnog about PGP/GPG, I think it is
a great practical way for people to start to learn about cryptography,
but my public speaking skills extend to how quickly and how far I could
possibly run away from an audience :) If anyone would like assistance
with that or IPv6 (or just to chat about it) please feel free to contact
me off list.

I have been very glad to hear that people have put themselves forward,
would have liked for there to have been more time so people could
discuss it (like at Ausnog) but having said that it is also something I
can see why the application period is short as the people who would be
doing it would already be familiar with cryptography and DNSSEC and have
put themselves forward.

I do hope the criteria for choosing TCR's is chosen primarily on
technical ability and an understanding on keeping the keys safe (was
surprised not to see requirements for secure storage being available to
the TCR and could have imagine people travelling with armored briefcases
handcuffed to them due to the security surrounding other keys such as
the root keys used for SSL). All comes down to the first word, Trusted. 

Taking the last two Community Representatives (and why I am definitely a
good candidate) would have to be someone who could perform general
education to the community such as presentations, etc at *NOC
conferences.

Steve

-----Original Message-----
From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Terry Manderson
Sent: Friday, 16 April 2010 4:12 PM
To: Sean K. Finn
Cc: ausnog at ausnog.net
Subject: Re: [AusNOG] Trusted Community Representatives

Sean,

Kim might be able to clarify, but from my reading of the process the TCR
roles of Crypto officer and Recovery Key share holder is to hold either
the physical key or smart card (respectively) in such a secure way that
no others have access to it.

Handing off theses pieces of security to anyone would be, well,
insecure. Furthermore, while APNIC appears to be a nice choice by virtue
of their globetrotting nature they form part of the addressing hierarchy
with ICANN and while not specifically listed in the "may not be"
section, I think it would generate cynicism if they were somehow part of
the TCR set - even as carrier pigeons.

Cheers
Terry


On 16/04/2010, at 1:49 PM, Sean K. Finn wrote:

> I posted earlier to list but it appears to not have come through, so
apologies for double-post if it ever surfaces:
> 
> 
> Kim and Steve are dead right, this is something we need to get on top
of.
> 
> The big thing here is that the keys must be exchanged Physically
IN-Person and not electronically over the Internet.
> 
> AUSNOG would serve as a very awesome hub for physical Interaction and
Dissemination of Keys.
> 
> Perhaps someone from APNIC who comes to all the AusNOG events and
globetrots would be willing to act as the carrier pidgeon for Australia?
> 
> -Sean
> 
> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Kim Davies
> Sent: Friday, 16 April 2010 3:09 AM
> To: Steve Lisson
> Cc: Tom Wright; ausnog at ausnog.net
> Subject: Re: [AusNOG] Trusted Community Representatives
> 
> Quoting Steve Lisson on Friday April 16, 2010:
> | 
> | I was hopeful it would see at least some discussion, but key
management
> | of DNSSEC obviously takes a second to discussions about journalists
> | using Ausnog for leads (sorry but I thought that was pretty much a
> | given, maybe someone setup a partyline on INOC DBA for communication
> | between nocs <g>), are we actually an operational list?
> | 
> | While I was volunteering myself there is one person in the country
that
> | I would be surprised not to see as a TCR (hint, we get great
automated
> | emails from their domain every week on the list), I really am not
the
> | right person for this.
> 
> Wearing my ICANN hat for a second, we are extremely keen to have
> diversity in the trusted community representatives, and particularly
> from this community. I'd strongly encourage people to put themselves
> forward for this.
> 
> If you have any questions about the process I am happy to try and
> assist. As a reminder the deadline is a week away.
> 
> Kim Davies
> Manager, Root Zone Services
> ICANN
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog



More information about the AusNOG mailing list