[Cryptography] Confidential Document Management, the right name or weaselly marketing?

Natanael natanael.l at gmail.com
Fri Aug 19 12:48:19 EDT 2016


On 19 Aug 2016 06:29, "Phillip Hallam-Baker" <phill at hallambaker.com> wrote:
>
> So, I am working on a document to describe the use of Mesh/Recrypt, a
> messaging infrastructure built on the Mathematical Mesh that uses Proxy
> Re-encryption to allow control of access to confidential documents.
>
> In the typical enterprise (e.g. the NSA) there are large quantities of
> data that are confidential for some reason (e.g. the powerpoint slides
> describing PRISM) that must be stored on enterprise controlled servers
> managed by people who do not have a need to know the contents of the
> material they manage (e.g. 29 year old contractors).
>
> If such an enterprise was security conscious and technically capable, it
> would surely want to restrict the distribution of such confidential
> material to exactly the set of people with a need to know. And this is
> where proxy Re-Encryption is such a powerful tool.
>
> The encryption key of a proxy re-encryption keyset corresponds to a
> security label (e.g. prism at nsa.gov)
>
> The decryption key of a proxy re-encryption keyset corresponds to the
> right to administer that security label (e.g. Col. Mustard)
>
> Recryption keys in a proxy re-encryption keyset are generated by the
> administrator and correspond to a grant of read access to the material
> (e.g. Cpt Prang).

> So what I need is a new name that dispenses with the onward distribution
> baggage that the DRM and CRM terms focus on. My objective is to control the
> distribution of confidential documents so that these are secured end-to-end
> and are not visible to administrators of servers, anyone who might find a
> thumb drive or buy a hard drive off EBay.
>
> So the names I am considering are:
>
> Confidential Document Control
> Confidential Document Management
> Confidential Content Control
> Confidential Content Management
>
> Or is trying to separate this problem from the established CRM problem
> too weaselly?

My first thought went to completely different keywords, regarding the
naming. Proxy re-encryption, for example, reminds me of blinded signatures
in both purpose and mechanism. And the whole point is to make it easy and
safe for those with access (in possession of decryption keys) to give
another person in the organization access.

And the keys we want to manage with it might not always be used just for
documents, but maybe as credentials for controlling various systems
(continuing the NSA examples, keys for read-only access to XKeyScore vs
admin access).

So why not something like these:

Blinded Credential Management
Blinded Credential Forwarding
Blinded Document Access Forwarding
Confidential Key Management
Confidential Access Management

These names should all be self-explanatory in context.
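
The three key roles from the quoted message (label encryption key, administrator decryption key, per-reader recryption key), as an added example that is not part of the original thread and is not Mesh/Recrypt's own code. It assumes a BBS98-style ElGamal proxy re-encryption scheme over a toy group, with the administrator generating each reader's key; all function names are hypothetical.

```python
import hashlib
import secrets

# Toy group (assumption, for illustration only): safe prime P = 2*Q + 1 and
# G = 4 generating the subgroup of prime order Q. Real systems use a large group.
P, Q, G = 2039, 1019, 4

def keygen():
    """Return (secret, public). The public key plays the role of the security label."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def _stream(shared, n):
    """Derive n keystream bytes from a group element (SHA-256, counter mode)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(f"{shared}:{ctr}".encode()).digest()
        ctr += 1
    return out[:n]

def encrypt(label_pk, doc):
    """Anyone can encrypt to the label: returns (g^(a*r), doc XOR H(g^r))."""
    r = secrets.randbelow(Q - 1) + 1
    body = bytes(x ^ y for x, y in zip(doc, _stream(pow(G, r, P), len(doc))))
    return pow(label_pk, r, P), body

def grant(admin_sk):
    """Administrator grants read access: rk = b/a goes to the server, b to the reader."""
    reader_sk = admin_sk
    while reader_sk == admin_sk:      # rk == 1 would hand out the admin key itself
        reader_sk, _ = keygen()
    rk = reader_sk * pow(admin_sk, -1, Q) % Q
    return rk, reader_sk

def recrypt(rk, ct):
    """Server side: turn g^(a*r) into g^(b*r) without ever learning g^r or the document."""
    c, body = ct
    return pow(c, rk, P), body

def decrypt(sk, ct):
    """Holder of sk strips its exponent: (g^(sk*r))^(1/sk) = g^r, then unmasks the body."""
    c, body = ct
    shared = pow(c, pow(sk, -1, Q), P)
    return bytes(x ^ y for x, y in zip(body, _stream(shared, len(body))))

if __name__ == "__main__":
    admin_sk, label_pk = keygen()
    stored = encrypt(label_pk, b"constructed sample document")
    rk, reader_sk = grant(admin_sk)
    print(decrypt(reader_sk, recrypt(rk, stored)))
```

In this BBS98-style construction the server and a reader together can compute the administrator's key as reader_sk / rk mod Q, so the design relies on the server not colluding with readers.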