Is this the first ever practically-deployed use of a threshold scheme?
mheyman at gmail.com
mheyman at gmail.com
Wed Aug 11 15:56:49 EDT 2010
On Sun, Aug 1, 2010 at 7:10 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> ...does anyone know of any significant use [of split keys] by
> J.Random luser? I'm interested in this from a usability point
> of view.
>
Maybe not J.Random but J.Corporate...
A few jobs ago back in the late '90s, I worked for Network Associates
which had bought PGP (the company). We instituted the use of PGP (the
technology) corporate-wide for email and encrypted disk volumes. PGP
allows for enforceable key recovery - corporate clients demanded it.
Our corporate key recovery key was split into, I think, 5 parts with 3
parts required for key recovery. The parts were held by various
corporate executive/officer types.
The PGP product mostly hid from the end user the fact that every
PGP-encrypted thing had an encrypted private key along with it (you
could poke around and see the key recovery blob if you really wanted
to).
I don't know what the key recovery UI looked like.
>
> As a corollary, has anyone gone through the process of recovering a key from
> shares held by different parties...?
>
It just so happens, I lost my PGP private key a year or two into this
(failed to copy it when transferring to a new desktop). We had well
documented procedures for key recovery. I never got my key or data
back. I was never informed why. Perhaps the seldom used key recovery
software had bugs and wouldn't work for my key, or we couldn't get the
required big wigs into one room, or, probably most likely, at least
three big wigs lost their shares.
----
Michael Heyman
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list