[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Key escrow granularity (Was: If only Vxxxx Fxxxxx had used encryption)

To: [email protected] (Cypherpunks Mailing List)
Subject: Key escrow granularity (Was: If only Vxxxx Fxxxxx had used encryption)
From: [email protected] (Futplex)
Date: Fri, 11 Aug 1995 02:18:33 -0400 (EDT)
In-Reply-To: <[email protected]> from "MONTY HARDER" at Aug 10, 95 08:44:00 pm
Reply-To: [email protected] (Cypherpunks Mailing List)
Sender: [email protected]

Monty Harder writes:
> The details of the protocol(s) can be worked out after the basic premise:
> 
>        There is no reason for anyone to give up the "master key" to all
>      of their business, when the minimal overhead in storage space for
>      adding an escrowed =session= key will suffice.

More generally, the granularity of the chunk of data protected by each
escrowed key can be varied -- the tradeoff is between the cost of a key
loss and the cost of data storage. A few escrowed master keys are very
cheap to store and very expensive to lose. Each session key is
comparatively worthless on its own, but you could end up having to store an
avalanche of them.  I suspect that something close to session granularity
makes sense in the real world; multi-GB HDs tend to be much cheaper than
asking the NSA to guess your keys for you, etc. Of course, you could also
get into escrowing project keys, dept. keys, etc., ad nauseum.

Choosing session granularity is highly recommended when permitting GAK a la
SB 974 :|

-Futplex <[email protected]>

References:
- If only Vxxxx Fxxxxx had used encryption....
  - From: [email protected] (MONTY HARDER)

Prev by Date: Clinton to resign?
Next by Date: Re: This summer's special delivery?
Prev by thread: If only Vxxxx Fxxxxx had used encryption....
Next by thread: Re: More "S-1" foolishness (fwd)
Index(es):
- Date
- Thread