[Cryptography] Escrowing keys

Phillip Hallam-Baker phill at hallambaker.com
Sat Apr 29 15:57:23 EDT 2017


On Sat, Apr 29, 2017 at 1:25 PM, Salz, Rich <rsalz at akamai.com> wrote:

> > But no hardware can really be trusted beyond a ten year service life.
>
> The average age of US cars on the road is 11.4 years. Major appliances
> (furnace, 16-20), refrigerator (14-17), hot water heater (12-14).
> Elevators, 20 years.
>
> What's your target market?
>

Same as the Web. Mass market. Looking to be equally ubiquitous.

Even if people only need to rejig their personal mesh once a decade it is
going to be serious upheaval and I don't see a security return.


The big problem I have with hardware is that it is likely to be lost.
Particularly when it isn't going to be used on a regular basis. The idea of
the escrow scheme is to assure people that they won't lose the pictures of
the kids when they were 5 if the house burns down.

In a corporate market, yeah, HSMs are definitely the way to go. And we can
have great fun developing infrastructures that help enterprises support all
of that. But in the consumer space, they are likely to be more trouble than
they are worth for apex trust.

What I can see is a dedicated HSM targeted at consumers for managing the
equivalent of the intermediate cert key. Take an Android tablet, install a
single-purpose, stripped-down OS with just the key management tools. Use
that as the terminal for managing the whole smart house network. I totally
see the value there. I also see value in some sort of Raspberry Pi class
device that is an always-on, always-connected home hub for the mesh
systems. But any time you install hardware, you have to have a plan for
what to do if it breaks.

At some point, the turtle has to be standing on something that isn't a
turtle.