[Cryptography] Key escrow scheme

Phillip Hallam-Baker phill at hallambaker.com
Wed Apr 12 20:49:40 EDT 2017 

On Tue, Apr 11, 2017 at 4:06 PM, John Gilmore <gnu at toad.com> wrote:

> > I encrypt the RSA private key in AES 256 and store it on a cloud
> > service as the first step.
>
> This seems to me to be the single-point-of-failure-prone step.  Why do
> you think that the "cloud" will still deliver up this small opaque bag
> of bits many years from now when the share-holders so desparately need
> it?  Is somebody paying the bill for that storage all along?  Can that
> person decline to pay, some year, and unilaterally make the recovery
> key disappear?  Or, if the bill-payer is authorized over this account,
> can't they just submit a request to delete this blob?  What happens to
> your system's data when the cloud storage company fails (after clouds
> are replaced by vapor, for example, as the trendy new tech company VC
> fad)?
>
> I thought that the point of secret-sharing was to distribute the
> needed information in such a way that no single point of failure could
> cause the information to be lost.  And that e.g. a 3-out-of-7 secret
> share would mean that four failures would still not disable the
> ability of the remaining three to recover the secret.  Thinking this
> way suggests that the entire "recovery blob" should be stored INSIDE
> the shared secret, rather than being encrypted by the shared secret.
>

​From a practical point of view, the recovery information required is going
to be vastly more than the user can be expected to store. This is just the
apex of the user's personal PKI, the keys required for recovery. They are
keys that are not used for any other purpose.

Back in the 1990s, the idea that Internet access was ubiquitous was barely
acceptable. Today it is fine. The idea that we can find enough people
willing to save a few TB of personal PKI data for the planet is no longer
at all unreasonable. I am pretty sure a dozen people on this list will make
their own copies.

Beyond that, the chief concern motivating escrow of keys is to be able to
recover stored data. So it isn't hard to store a copy of the master escrow
profile etc. with the data itself. Most cases these days, the data is being
stored in the cloud anyway. ​

​What I a certainly not going to do is ask the user to re-escrow their keys
every time they make a change to their environment like adding a device. ​
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170412/1f04aa33/attachment.html>

More information about the cryptography mailing list