[146530] in cryptography@c2.net mail archive
Re: [Cryptography] Backup is completely separate
daemon@ATHENA.MIT.EDU (John Kelsey)
Tue Sep 3 00:54:08 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <D54C04DB-B48E-48CD-8FCC-2DF548BF64F9@gmail.com>
From: John Kelsey <crypto.jmk@gmail.com>
Date: Mon, 2 Sep 2013 23:03:25 -0400
To: Phill <hallam@gmail.com>
Cc: =?utf-8?Q?Far=C3=A9?= <fahree@gmail.com>,
"cryptography@metzdowd.com" <cryptography@metzdowd.com>,
Peter Saint-Andre <stpeter@stpeter.im>,
"Perry E. Metzger" <perry@piermont.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
The backup access problem isn't just a crypto problem, it's a social/legal problem. There ultimately needs to be some outside mechanism for using social or legal means to ensure that, say, my kids can get access to at least some of my encrypted files after I drop dead or land in the hospital in a coma. Or that I can somehow convince someone that it's really me and I'd like access to the safe deposit box whose password I forgot and lost my backup copy of. Or whatever.
This is complicated by the certainty that if someone has the power to get access to my encrypted data, they will inevitably be forced to do so by courts or national security letters, and will also be subject to extralegal pressures or attacks to make them turn over some keys. I suspect the best that can be workably done now is to make any key escrow service's key accesses transparent and impossible to hide from the owner of the key, and then let users decide what should and shoudn't be escrowed. But this isn't all that great an answer.
--John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
