Tim May <tcmay@got.net> writes:
At 11:42 AM -0700 10/10/96, Bill Frantz wrote:
At 10:13 AM 10/9/96 -0800, Timothy C. May wrote:
[...] One technical approach is described in:
"A Revocable Backup System", dabo@cs.princeton.edu (Dan Boneh) and rjl@cs.princeton.edu (Richard J. Lipton) in The 6th USENIX Security Symposium Proceedings.
Basically the idea is to encrypt the file on the backup (tape) and then lose the encryption key when you want to "forget" the file.
Given that keys = data, this just transfers the problem from one set of data to another set of data. (Wanna bet a lot of ISPs would keep backups of the disk with the keys on it?)
They could always use public key crypto, and use the _user's_ public key for the users data, then the ISP hasn't got the private key to leave lying around, or to divulge in case of a supeona. The backups are for the _users_ benefit so this puts the onus of key management of encrypted backups where it belongs, with that user. Of course, as Ray (?) pointed out, an ISP is going to translate this into unnecessary complications, and won't bother unless someone offers a service differentiated on this point, and this kind of service gets popular. I'm sure that this would be easy to implement with unix, a shell script. If anyone wants one, I'll write it. (Just have a .pgp-backup file containing a PGP public key in any directories you want encrypted backups rather than clear backups, say) Adam [the rsa .sig just got smaller still] -- #!/bin/perl -sisN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsjxII*op" $/=unpack('H*',<>);print pack('C*',split('\D+',`echo 16i\U$k"SK$/SM$n\E$^I|dc`))