[Cryptography] Backup is completely separate

John Kelsey crypto.jmk at gmail.com
Mon Sep 2 23:03:25 EDT 2013

The backup access problem isn't just a crypto problem, it's a social/legal problem.  There ultimately needs to be some outside mechanism for using social or legal means to ensure that, say, my kids can get access to at least some of my encrypted files after I drop dead or land in the hospital in a coma.  Or that I can somehow convince someone that it's really me and I'd like access to the safe deposit box whose password I forgot and lost my backup copy of.  Or whatever.  

This is complicated by the certainty that if someone has the power to get access to my encrypted data, they will inevitably be forced to do so by courts or national security letters, and will also be subject to extralegal pressures or attacks to make them turn over some keys.  I suspect the best that can be workably done now is to make any key escrow service's key accesses transparent and impossible to hide from the owner of the key, and then let users decide what should and shoudn't be escrowed.  But this isn't all that great an answer. 


More information about the cryptography mailing list