You can rest assured that you are on the Internet, relying on these seven keys to guard the Internet.

You can go online with peace of mind, relying on these seven keys to protect the internet

This article is from WeChat official account: bring Science home (ID:steamforkids), source: Icann, etc., compilation: Qijun, header source: UNsplash

You know, when you enter the URL of a website, you won't open a strange phishing website. Who is it?


Every three months since 2010, this mysterious meeting, known as the key ceremony (key ceremony), or the root key signing ceremony (Root Signing Ceremony), will be held in the eastern or western United States.

The ceremony was attended by mystical people holding the Internet's keys.

When these mysterious people gather, they can take out seven swords (7 smart cards), and these seven swords can summon a powerful Internet sword - the master key of the "number book" on the Internet. Key).

This big sword guards a core system of the Internet - DNS, which is the domain name system (specifically, they control the Domain Name System Security Extension (DNSSEC)).

DNS is equivalent to the Yellow Pages, Numbers, or Roster of the Internet, which records the URLs of different websites and their corresponding IP addresses, such as the Global Science website and its corresponding response IP

When you enter a web address in a browser, you have to use DNS to help you find the right IP, to open the correct web page. If you don't want to visit any Web site as much as DNS, you have to memorize the IP, of the site.

So, what if the bad guy deliberately tampers with the IP address of the URL and navigates to the strange phishing website?

This requires a reliable way to prevent the bad guys from tampering with the DNS system, which is why the key ritual for generating the master key was born.



The Internet Assigned Numbers Authority, which is a relatively large non-profit organization, is the Internet Corporation for Assigned Names and Numbers (ICANN).

"if you get the master key, you can create your own root domain, and you can control what websites others can access," said Matt Larson, vice president of ICANN.

In other words, if you can gather seven swords and summon a big sword, you can call Lin Wulin, but you are the only one. So this master key can basically rank in the top three on the Internet weapon spectrum.

Such a powerful "weapon" to whom I am afraid will make others dissatisfied. So in 2016, the US government transferred control of the DNS database, the Internet Assigned Numbers Authority, to ICANN, leaving it nominally out of control of the US government.

But what if ICANN is a villain himself, how can he believe it?


However, there are still many people who are not at ease with ICANN. Therefore, ICANN sometimes broadcasts this ritual on its own website, proving to people around the world that they are really serious about doing it.

Let's take a look at the exact course of the ceremony.

One day in 2014, some mysterious people gathered in an ordinary building in El Segundo, southwest of Los Angeles, California, about a few kilometers from Los Angeles International Airport. They will hold a key ceremony.

These people are from all over the world, Swedes, Russians, Spaniards, Portuguese. And these key holders meet for a key ceremony to summon the Great Sword to confirm that the world's Web site, "Yellow pages," DNS is real and has not been altered by the bad guys.

In the unlikely event that the DNS system collapses, meaning that the yellow pages of the Internet are burned, then these people can gather to rebuild the world's DNS system.

So, how are Internet key holders selected?

There are now 21 key holders for ICANN. Twenty of them have been members of ICANN since the first ceremony.

The process of selecting key holders is surprisingly simple.


The last selected Internet key "protection method" has a technical background of network security and works for different international agencies. The purpose of finding law-protection around the world is to disperse power and prevent individuals, individuals, or countries from controlling the sword.

One of the key holders is Yao Health from the China Internet Information Center (CNNIC).

Participants who participated in the August 2016 key ceremony. Image source: ICANN

Who was the key holder who dropped out?

This man is not simple at all, because he is one of the fathers of the Internet-Winton Cerf (Vint Cerf).

After leaving the internet guard law, he became a guru-Google's chief internet missionary, (Chief Internet Evangelist). (Google's chief internet missionary

The 21 key holders are divided into two waves, 14 are the main key holders, each with a traditional physical key that opens a safe with a smart card hidden in it. With these smart cards, you can start a machine that can generate a master key, that is, summon the Great Sword. So ask them to protect the law.

The 14 key holders each have a traditional physical key that can be used to open a safe. The safe has a smart card that can be used to launch a machine that generates the master key. @Laurence Mathieu / the Guardian


Every year, the backup samurai takes a picture of himself with the newspaper of the day, and sends it to ICANN, to prove I'm alive and stuck.

The ceremony took place in this data center.

Entering this place has to go through a layer of security checks, similar to the 007 movie.

At the beginning of the ceremony, everyone must first pass a security door that requires a password, a smart card, and biometric identification of the hand to open.

After entering, I came to a "rat cage". In this cage, only one door can be opened at a time.


The entrance to the ceremony was even more complex, with only a few at a time. Richard Lamb, senior project manager at ICANN, scanned the iris and allowed everyone to enter the room at the venue.

Richard Lam


When you go in, you will be given a ritual process, which records more than a hundred procedures involved in the ceremony. The entire ceremony will also be videotaped, sometimes live on ICANN.


As a result, the ceremony was cleaned by the guard himself. This time, Anne-Marie Eklund L ö winder, a Swedish guard, visited the cleaners the day before the ceremony to clean the place.


There is a 2.4 m * 2.4 m security cage on one side of the room and 2 safes in the security cage. A smart card is stored in the safe, and the smart card can be used to start the machine that generates the master key.

The host of the ceremony was Francisco Arias, technical director of ICANN.

First, Arias and the four guardians (the ritual requires at least three guardians to participate) enter the security cage to pick up the smart card in the safe.

The smart card is placed in a security bag.

The law was attended by João Damas from Portugal, Edward Lewis, a US-based security analyst firm, and Uruguay Carlos Martinez, who works for Lacnic, a company that provides Internet registration services for Latin America and the Caribbean.

The key rituals that seem to be very stable are actually lack of artificial accidents.

At the ceremony, for example, a man slammed the safety door of a security cage, triggering an earthquake monitor, causing the door to close automatically. ) really didn't mean it? (d)

The ceremony host and the guardian were all locked in the security cage where the smart card was placed...

After 6 minutes of chaos, they thought of a solution: trigger the siren and leave the security cage with an emergency evacuation.

So the alarm sounded cheerfully and everyone was evacuated into the hallway.

At 10:09 in the evening, everyone returned to the venue. The machine that generated the master key is ready. After inserting the smart card, it will generate a long string of encrypted passwords, the master key, the big sword.

A machine that generates a master password

If the machine falls to the ground or is heavily kao, it will start a self-destruct program.


At 10:48, a gray box was activated and the guards inserted their smart cards into the master password generator.

10:59, Alejandro Bolivar, a security expert from the United States, began reading an absurd string of "flat-foot guarantees for brick-making." to get witnesses to confirm it.

After the witness confirmed these weird codes, they signed the word.

At 11:02 pm, after a line of code was entered into the computer, a new signed master key, the Great Sword, was generated.

It took 20 minutes to unplug the pull, turn it off, and then hand over a USB with the master key to ICANN engineer Tomofumi Okubo.

Okubo sends out its master key to Verisign.Verisign, which manages DNS's "root area" (root zone), which works for the company, the Guardian Alejandro Bolivar mentioned above. It will tell servers that control .com, .net, what to do with the URL you enter.

After 3 months of use, the master key will be invalid and the ceremony will be repeated.

Next, the four guards returned to the safe cage that had closed them and put the smart card back. The ceremony is over and everyone can go out happy.

Reading this slightly different key ceremony is still a bit of a concern for DNS's security.


ICANN said on the official website that the Internet contains many different systems, and DNS is just one of them. Controlling DNS has absolutely no way to fully control other aspects of the Internet.

This is like, although the Eternal Sword Dragon Sword can make a tyrannical martial arts, but the martial arts does not belong to any one person, the martial arts lord does not.

In addition, ICANN is only a part of ensuring Internet security, and many organizations also assume responsibility for defending the Internet, such as the Internet Engineering Task Force and the World Wide Web Consortium.

By the way, the World Wide Web Consortium is the father of the World Wide Web - the British computer scientist Tim Berners-Lee himself. These organizations have developed various standards for the Internet, such as network transport protocols.

Tim Berners-Lee

Some children still do not want to be willing to know, in case someone killed all the laws, what will happen?


This article is from WeChat official account: bring Science home (ID:steamforkids), source: Icann, etc., compilation: Qijun, header source: UNsplash

* The article is the author's independent point of view, does not represent the position of the tiger sniffing net. This article is taken from the science of the author © Authorized by and edited by Tiger Sniffing. Reprint this article, please indicate the author's name in the text, keep the integrity of the article (including the tiger sniffing and other authorship information), and please attach the source (Hua Sniff Network) and this page link. Original link: If the person is not reprinted according to the rules, the tiger sniffs the right to pursue the corresponding responsibility.

In the face of the future, you and I are still children, not to download the Tiger Sniff App and sniffing innovation!

Peace of mind internet 7 guards internet key

Read More Stories

© , New View Book