[LINK] CIA honeypot WikiLeaks mirror - retracted
Tom Koltai
tomk at unwired.com.au
Mon Dec 13 14:59:42 AEDT 2010
> -----Original Message-----
> From: Glen Turner [mailto:gdt at gdt.id.au]
> Sent: Monday, 13 December 2010 11:18 AM
> To: Tom Koltai
> Cc: The Link Institute
> Subject: Re: [LINK] CIA honeypot WikiLeaks mirror - retracted
>
>
> On Sun, 2010-12-12 at 14:37 +1100, Tom Koltai wrote:
> > Well depending on the peering agreements one has with the various
> > switches in the exchanges, not very hard at all. Access to the switch
> > backplane is a relatively trivial exercise.
>
> It is not trivial. Even if it were done, put bluntly, our
> technical people are better than theirs (for a start, we pay
> them more) and discovery is only a matter of time. An
> Australian agency acting that way would destroy the trust
> required for the operation of the interception arrangements,
> to the detriment of Australian society.
I regret I must disagree.
My comments are based on observations of breaches on a certain popular
widely deployed Gb switch.
>
> > Earlier this year I was laughed at for suggesting that Australia
> > needed to run its own Root Server.
>
> We do run our own root server.
It's a copy of the J (Telstra) and the F servers and updated
automatically, including any "discreet" policy changes.
Unless of course the Australian mirror has automatic updates turned off
and is manually fed (by several people) in which case, I am content.
>
> But you have confused the technical and the political. The
> root servers only point to the servers for the next level
> down .au, .com., .edu and so on. Whilst running a root server
> enhances the stability of the internet, it doesn't achieve
> the policy outcome you desire.
>
> What you desire is the ability to augment the official zones
> with additions or deletions. That is, "split DNS". Only one
> country has deployed that -- China. It was one of the
> technical approaches to implementing Internet filtering in
> Australia -- it was the preferred solution by Telstra. So in
> future years you may yet get your wish. Personally, I'm happy
> enough for the US to control a small proportion of the DNS
> namespace as opposed to Australia having full control of the
> DNS as seen by Australians implemented by using a
> filtering-ready DNS infrastructure.
>
Actually, I was aware of the Filter implication, but in the heat of
battle (so to speak) forgot about the downside of having a single point
of delegation.
Which would suggest that a Distributed system as per the following
proponent submissions, might be appropriate.
Serving DNS using a Peer-to-Peer Lookup Service
http://www.cs.rice.edu/Conferences/IPTPS02/178.pdf Circa June 1995
(Based on Chord)
P2PNS: A Secure Distributed Name Service for P2PSIP, Ingmar Baumgart,
Proceedings of the Sixth Annual IEEE International Conference on
Pervasive Computing and
Communications (PerCom 2008), Hong Kong, China, p. 480-485, Mar 2008.
http://doc.tm.uka.de/2008/P2PNS_2008.pdf
With the paper specifying:
Quote/
Requirements
The name service P2PNS should fulfill the following requirements:
- The name service should not be limited to P2PSIP, but
  also support e.g. distributed DNS. Therefore the name
  service should be independent from the SIP protocol.
- The P2PNS architecture should be completely decentralized.
  In particular it should not depend on any centralized
  login servers or other trustworthy authorities.
- The user should be able to choose an arbitrary AoR.
- P2PNS should provide mechanisms to guarantee the
  uniqueness of AoRs and prevent identity theft.
/Quote
Tom