As I'm sure you're aware, for this attack to work, not only would the US
government need to compromise the root KSK HSMs and a rather Byzantine
set of safeguards, they would also presumably need to do so in a way
that would reduce the likelihood that the compromised elements would be
noticed.
Well, sure. If I were the NSA, I would arrange for a servers that
mirrored the real data except for a few bits that I wanted to spear phish.
I think it's reasonable to assume that for high-value targets the NSA can
bring a lot of money and skilled people to the project.
ICANN went to significant lengths to make everything done with the KSK
extremely well documented and as public as humanly possible.
"Give us the signing keys."
"Sorry, we have all these complicated security procedures."
"The guy standing next to me is a US Marshal. You can give us the keys by
COB today, or he can haul your asses to jail. Your choice. If there are
other people whose help you need to get the keys and they're in the US,
they'll have the same choice. If they're outside the US, um, depends
where they are."
Regards,
John Levine, johnl@xxxxxxxx, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly