[146533] in cryptography@c2.net mail archive
Re: [Cryptography] Keeping backups (was Re: Separating concerns
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Tue Sep 3 12:30:41 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <E1VGrMq-0006G5-CR@login01.fos.auckland.ac.nz>
Date: Tue, 3 Sep 2013 11:02:55 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: François-René Rideau <fahree@gmail.com>,
"cryptography@metzdowd.com" <cryptography@metzdowd.com>,
Perry Metzger <perry@piermont.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
Want to collaborate on an Internet Draft?
This is obviously useful but it can only be made useful if everyone does it
in the same way.
On Tue, Sep 3, 2013 at 10:14 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> Phillip Hallam-Baker <hallam@gmail.com> writes:
>
> >To backup the key we tell the device to print out the escrow data on paper.
> >Let us imagine that there is a single sheet of paper which is cut into
> >six parts as follows:
>
> You read my mind :-). I suggested more or less this to a commercial provider
> a month or so back when they were trying to solve the same problem.
> Specifically it was "if you lose your key/password/whatever, you can't call
> the helpdesk to get your data back, it's really gone", which was causing them
> significant headaches because users just weren't expecting this sort of thing.
> My suggestion was to generate a web page in printable format with the key
> shares in standard software-serial-number form (XXXXX-XXXXX-XXXXX etc) and
> tell people to keep one part at home and one at work, or something similar,
> and to treat it like they'd treat their passport or insurance documentation.
>
> Peter.
>
--
Website: http://hallambaker.com/
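
An added illustration of the printable key-share idea discussed in this message, not code from either poster or from any product mentioned. It assumes an n-of-n XOR split, base32 text in groups of five, and a 2-byte SHA-256 check to catch typing errors; all function names are hypothetical.

```python
import base64
import hashlib
import secrets

GROUP = 5  # characters per printed group, as in XXXXX-XXXXX-XXXXX


def split_key(key: bytes, n: int = 2) -> list[bytes]:
    """n-of-n XOR split (assumed scheme): all n shares are needed to
    rebuild the key, and any n-1 of them reveal nothing about it."""
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for share in shares:
        last = bytes(a ^ b for a, b in zip(last, share))
    return shares + [last]


def join_shares(shares: list[bytes]) -> bytes:
    """XOR all shares together to recover the key."""
    key = bytes(len(shares[0]))
    for share in shares:
        key = bytes(a ^ b for a, b in zip(key, share))
    return key


def to_serial(share: bytes) -> str:
    """Render a share as base32 text with a 2-byte check, in groups of five."""
    body = share + hashlib.sha256(share).digest()[:2]
    text = base64.b32encode(body).decode().rstrip("=")
    return "-".join(text[i:i + GROUP] for i in range(0, len(text), GROUP))


def from_serial(serial: str) -> bytes:
    """Parse a typed-in share; raise ValueError on a transcription error."""
    text = serial.replace("-", "").replace(" ", "").upper()
    text += "=" * (-len(text) % 8)      # restore the base32 padding
    body = base64.b32decode(text)       # invalid text raises ValueError
    share, check = body[:-2], body[-2:]
    if hashlib.sha256(share).digest()[:2] != check:
        raise ValueError("check does not match; re-type the share")
    return share


if __name__ == "__main__":
    demo_key = secrets.token_bytes(16)  # constructed sample key
    for label, share in zip(("home", "work"), split_key(demo_key)):
        print(f"Keep at {label}: {to_serial(share)}")
```
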
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography