[Cryptography] Help please, considering design of personal CA for PPE

[John Kelsey]

There's a really fundamental problem somewhere in here.  People forget stuff.  They get old.  They die.  They get Alzheimer's.  They go crazy.  They disappear at sea.  

And then, you need to decide who gets their information, or access to their accounts, or whatever.  Strong crypto gives us the means to decide who will have that access, but the simplest solution is nobody--once your password is not available, nobody can guess it, so nobody gets access to your encrypted drive.  Another simple solution is to define one TTP as an escrow agent, and let him decide who gets access.  And then, there's an incentive for all kinds of people to parasitize that system--policemen and spies looking to listen in on people (with or without tiresome hearings and warrants), lawyers (or their well-funded employers) wanting to do discovery, companies with effective lobbyists who want to get the rules for who gets access set up for their benefit, etc.  

And yet, you ultimately need some kind of human judgment there.  A court that can declare me dead and give my wife and kids access to my encrypted data (or my account passwords) is also a court that can silently give the cops access to my encrypted data.  

The current solution is that probably the NSA can access a lot of my encrypted data and can probably get access to any account I have in the US, but my family won't be able to get to it if I'm dead or incapacitated.  

I suspect that the best that can be done here is to create a TTP (or network of TTPs) with the ability to grant some kind of escrow access, and force it to act in a public way.  But since probably every government in the world will instantly want to subvert that system, it's hard to see anyone trusting it much.  

--John