Stories
Slash Boxes
Comments

SoylentNews is people

I Know How To Shut Down The Internet

Journal by MichaelDavidCrawford

Don't worry - I won't.

I won't tell a human soul other than those in a position to fix it, however it's a systemic weakness, and cannot be fixed by issuing patches. This problem won't get fixed until the IETF issues some future RFCs - more than one of them - and even then, not until those new standards are _widely_ implemented.

I've never mentioned this in a public way - this is the very _first_ time I've done so - and I've only told one other person that I know how, but not how it would be done.

If you're in a position to implement new RFCs at your company, or in your contributions to a Free Software or Open Source codebase that you are a _commiter_ to, please fetch my OpenPGP key from a keyserver, if your key isn't already there, please submit it then _email_ your key fingerprint - I think that's 16 digits of hex or so - then I'll add it to my keyring.

$ gpg --keyserver pgp.mit.edu --list-keys 69297A03F84E2022
pub rsa4096 2018-11-18 [SC] [expires: 2023-11-17]
            87741D160E80D4F860A192FE69297A03F84E2022
uid [ultimate] Michael David Crawford
sub rsa4096 2018-11-18 [E] [expires: 2023-11-17]

Note that I do not yet have a key for mike@soggywizards.com.

$ gpg --keyserver pgp.mit.edu --receive-key 69297A03F84E2022

Please do _not_ sign my key - nor anyone else's - unless I show your my _passport_ in your direct presence. That my technical articles are so popular led a few complete strangers who I'd never met to sign my old key. The key I've got now is _only_ self-signed.

Please keep it that way until we meet for coffee. But not a beer; I only get drunk when a close friend has been unlucky in love. Then we both Pray To The Porcelain God.

I must be purposefully oblique about the details I provide until I can feel certain not just that those who I share this with will keep a lid on it but also until I've found enough RFC-implementors that once I do provide the details, they'll be able to apply the fixes expeditiously.

It happens that I know some primary developers of some stacks. I also know some leading security experts. I'll explain this to a few of them first. I'm on good terms with some vendors' security people, I'll explain it to them as well.

 

Reply to: I Readily Agree, However...

Post Comment

Edit Comment You are not logged in. You can log in now using the convenient form below, or Create an Account, or post as Anonymous Coward.

Public Terminal

Anonymous Coward [ Create an Account ]

Use the Preview Button! Check those URLs!


Logged-in users aren't forced to preview their comments. Create an Account!

Allowed HTML
<b|i|p|br|a|ol|ul|li|dl|dt|dd|em|strong|tt|blockquote|div|ecode|quote|sup|sub|abbr|sarc|sarcasm|user|spoiler|del>

URLs
<URL:http://example.com/> will auto-link a URL

Important Stuff

  • Please try to keep posts on topic.
  • Try to reply to other people's comments instead of starting new threads.
  • Read other people's messages before posting your own to avoid simply duplicating what has already been said.
  • Use a clear subject that describes what your message is about.
  • Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)
  • If you want replies to your comments sent to you, consider logging in or creating an account.

If you are having a problem with accounts or comment posting, please yell for help.