SoylentNews is people

The Fine print: The following are owned by whoever posted them. We are not responsible for them in any way.

Don't worry - I won't.

I won't tell a human soul other than those in a position to fix it; however, it's a systemic weakness, and cannot be fixed by issuing patches. This problem won't get fixed until the IETF issues some future RFCs - more than one of them - and even then, not until those new standards are _widely_ implemented.

I've never mentioned this in a public way - this is the very _first_ time I've done so - and I've only told one other person that I know how, but not how it would be done.

If you're in a position to implement new RFCs at your company, or in your contributions to a Free Software or Open Source codebase that you are a _committer_ to, please fetch my OpenPGP key from a keyserver. If your key isn't already there, please submit it, then _email_ your key fingerprint - I think that's 16 digits of hex or so - then I'll add it to my keyring.

$ gpg --keyserver pgp.mit.edu --list-keys 69297A03F84E2022
pub rsa4096 2018-11-18 [SC] [expires: 2023-11-17]
            87741D160E80D4F860A192FE69297A03F84E2022
uid [ultimate] Michael David Crawford
sub rsa4096 2018-11-18 [E] [expires: 2023-11-17]

Note that I do not yet have a key for mike@soggywizards.com.

$ gpg --keyserver pgp.mit.edu --receive-key 69297A03F84E2022

Please do _not_ sign my key - nor anyone else's - unless I show you my _passport_ in your direct presence. That my technical articles are so popular led a few complete strangers who I'd never met to sign my old key. The key I've got now is _only_ self-signed.

Please keep it that way until we meet for coffee. But not a beer; I only get drunk when a close friend has been unlucky in love. Then we both Pray To The Porcelain God.

I must be purposefully oblique about the details I provide until I can feel certain not just that those who I share this with will keep a lid on it but also until I've found enough RFC-implementors that once I do provide the details, they'll be able to apply the fixes expeditiously.

It happens that I know some primary developers of some stacks. I also know some leading security experts. I'll explain this to a few of them first. I'm on good terms with some vendors' security people; I'll explain it to them as well.

  • (Score: 2) by The Mighty Buzzard on Tuesday December 04 2018, @06:31PM (1 child)

    by The Mighty Buzzard (18) <themightybuzzard@proton.me> on Tuesday December 04 2018, @06:31PM (#769688)

    I'm not particularly concerned if someone breaks it. I've a fair stockpile of porn locally and can always use a good excuse to go fishing.

    --
    My rights don't end where your fear begins.
  • (Score: 0) by Anonymous Coward on Wednesday December 05 2018, @10:49AM

    by Anonymous Coward on Wednesday December 05 2018, @10:49AM (#770018)

    And there you have it, ladies and gentlemen. Porn is the reason more people don't go fishing.