[Cryptography] Mesh Key Recovery

Phillip Hallam-Baker phill at hallambaker.com
Thu Oct 26 21:51:50 EDT 2017

On Thu, Oct 26, 2017 at 8:52 PM, Natanael <natanael.l at gmail.com> wrote:
> Den 27 okt. 2017 00:09 skrev "Phillip Hallam-Baker" <phill at hallambaker.com>:
> In the real world, houses are destroyed by flood and fire, people are
> displaced by war or tyrannical governments. If we are to meet the full
> security requirements of users we must consider data availability to
> be at least as important as data confidentiality.
> Quick thought: isn't it possible / likely to have different sets of data,
> where for one you'd rather lose all copies than give it away (like say a
> diary) while other data would rather be made public than lost (such as
> family photos)?

Absolutely. And I discuss those use cases in the paper:

I want my family to know where I buried Aunt Agatha's jewelry but not
where I buried Aunt Agatha.

> Would it be practical to define independent sets of data with different
> recovery keys for such purposes? One key you can be less careful with, one
> that you protect carefully? (Or even more tiers)

Yes. But this sets up additional UI overhead and is not something I am
going to attempt to implement in a line mode client.

The way that I would implement these use cases is by using
Mesh/Recrypt which uses proxy re-encryption. I would add the family to
the recryption groups I wanted them to be able to recover and not to
the groups I did not want them to be able to recover.

> I've already been thinking about how a personal identity system should have
> some representation of "personas" / contexts, and it could be something
> simple in terms of interface like "family stuff" vs "secrets", or however
> you want to represent it. Like having different "workspaces", or several
> "Facebook pages" tied to the same person. Rather than micromanaging
> permissions for most data you add into the system, you link it to contexts.
> And recovery options with it. (although I believe most people would choose
> the same recovery procedure for everything just for simplicity).

Right now, the percentage of PGP users that use PGP is vanishingly
small. I think we need to fix that before attempting requirements with
more demanding UI needs.

More information about the cryptography mailing list