Today, a little after noon, I decided to do a short routine maintenance on my laptop. One thing led to another, and the short maintenance took several hours. That's the cost of not doing it properly more often.
While scanning my system for stuff to clean up, I noticed this "did you know" message on my screen. Apparently a clever addition to pass time quicker, if you're counting progress percent.
14 people holding the key to the internet... I didn't know that, and I was determined to check if it's true.
I expected it to be something obscure and difficult to find out, but apparently it's common knowledge. Even mainstream media covered it several years ago.
What is this all about?
Internet addresses are of two types:
- computer-friendly (IP addresses, which are numerical in nature, like 193.203.45.56; this is an older ipv4 address, new ones ipv6 look differently)
- human-friendly (domain names like leofinance.io)
Every domain name has a corresponding IP address of the server where everything runs in the backend. And matching the two is realized through the Domain Name System (DNS), which keeps a record of these correspondences.
But how do we know when we try to access a website by using its domain name, we actually reach its server and not a clone with a different IP?
I am not an expert in these matters, but there is a mechanism of authenticating DNS records, called DNSSEC, which is based on a hierarchy of cryptographic keys starting at the root of the DNS.
These root DNS keys are managed by ICANN, and involve 7 people worldwide (+7 backups) holding keys and participating in regular ceremonies of changing them. ICANN seemed bothered enough by the topic to address it in a short post on their site a few years ago.
What they are saying in their response is true. These 14 people don't control the entire internet.
However, without DNS, or with a corrupted or manipulated/censored one, things won't be the same for the regular people browsing the web.
I don't know if all the key holders are publicly known, for example. And if they are, could forcing all of them to do certain actions have consequences on the integrity of DNS, or all they can do is generate new keys every few months/years?
If coercing 7 people could potentially compromise the integrity of DNS, that's bad news. But I don't know enough to tell one way or another.