[3019] in cryptography@c2.net mail archive
Re: IETF building GAK into the PKI
daemon@ATHENA.MIT.EDU (Dan Geer)
Tue Jul 21 11:21:47 1998
To: perry@piermont.com
Cc: cryptography@c2.net
Date: Tue, 21 Jul 1998 01:46:12 -0400
From: Dan Geer <geer@world.std.com>
<perry@jekyll.piermont.com> writes:
> I will point out, however, that such needs are to recover DATA -- that
> is, to make sure that if an employee is hit by a bus, you continue to
> be able to get at their files.
Perry,
With respect to key escrow, it would seem possible to technically
separate the surveillance capability from the data recovery
capability using split-key (threshold) cryptography. See the
example below for the thrust of the idea.
--dan
--------------8<-------------cut-here-------------8<-------------
Worked Example -- Data recovery form of key escrow
Alice has
* a laptop with quorumed threshold cryptography modules
* a smartcard with quorumed threshold cryptography modules
* service relationship with a cryptographic file system
Company has
* a secure data vault
Alice
* generates a confidentiality key on her smartcard
* splits her confidentiality key into a 2-of-3 quorum
* loads one fragment onto her laptop (via safe means)
* deposits one fragment in Company secure data vault (via safe means)
* retains one fragment on her smartcard
* destroys the full key on the smartcard
Alice thereafter
* inserts the smartcard into the laptop
* gets service from cryptographic file system
======== failure recovery ========
Alice loses laptop: Company supplies fragment to Alice
Alice loses smartcard: Company supplies fragment to Alice
Alice loses life: Company needs to recover either smartcard or laptop
END
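
The 2-of-3 split and the recovery cases above, as an added example that is not part of the original message: it uses Shamir secret sharing, one way to realise such a split (the message names no scheme), and rebuilds the key in one place, which is a simplification of what threshold modules would do. The field prime, key length, holder numbering and function names are assumptions made for illustration.

```python
import secrets

# Assumptions (not from the message): Shamir's scheme over GF(P) with
# P = 2**521 - 1 (a Mersenne prime) and a 32-byte confidentiality key.
P = 2**521 - 1
KEY_LEN = 32
HOLDERS = {"laptop": 1, "vault": 2, "smartcard": 3}  # x-coordinate per holder

def split_2_of_3(key: bytes) -> dict:
    """Return {holder: (x, y)} with y = f(x) for f(x) = key + slope*x mod P."""
    secret = int.from_bytes(key, "big")
    slope = secrets.randbelow(P)  # fresh randomness hides the key from any one holder
    return {name: (x, (secret + slope * x) % P) for name, x in HOLDERS.items()}

def recover(frag_a, frag_b) -> bytes:
    """Interpolate f(0) from two distinct fragments (the 2-of-3 quorum)."""
    (x1, y1), (x2, y2) = frag_a, frag_b
    if x1 == x2:
        raise ValueError("a quorum needs two different fragments")
    # y1*x2 - y2*x1 = key*(x2 - x1), so dividing by (x2 - x1) leaves the key.
    secret = (y1 * x2 - y2 * x1) * pow((x2 - x1) % P, -1, P) % P
    return secret.to_bytes(KEY_LEN, "big")

def slope_explaining(fragment, candidate_key: bytes) -> int:
    """One fragment fits ANY candidate key: return the slope that makes it fit."""
    x, y = fragment
    return (y - int.from_bytes(candidate_key, "big")) * pow(x, -1, P) % P

def recovery_table(key: bytes) -> dict:
    """Run the message's scenarios; True means the surviving pair restores the key."""
    f = split_2_of_3(key)
    return {
        "normal use (smartcard + laptop)": recover(f["smartcard"], f["laptop"]) == key,
        "laptop lost (vault + smartcard)": recover(f["vault"], f["smartcard"]) == key,
        "smartcard lost (vault + laptop)": recover(f["vault"], f["laptop"]) == key,
    }

if __name__ == "__main__":
    demo_key = secrets.token_bytes(KEY_LEN)  # constructed sample key
    for scenario, ok in recovery_table(demo_key).items():
        print(f"{scenario}: {'recovered' if ok else 'FAILED'}")
```

`slope_explaining` is the data-recovery-without-surveillance point in code: the vault's fragment is consistent with every possible key, so the Company learns nothing until it also holds the smartcard or the laptop.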