Key escrow granularity (Was: If only Vxxxx Fxxxxx had used encryption)

Futplex futplex at pseudonym.com
Thu Aug 10 23:18:41 PDT 1995


Monty Harder writes:
> The details of the protocol(s) can be worked out after the basic premise:
> 
>        There is no reason for anyone to give up the "master key" to all
>      of their business, when the minimal overhead in storage space for
>      adding an escrowed =session= key will suffice.

More generally, the granularity of the chunk of data protected by each
escrowed key can be varied -- the tradeoff is between the cost of a key
loss and the cost of data storage. A few escrowed master keys are very
cheap to store and very expensive to lose. Each session key is
comparatively worthless on its own, but you could end up having to store an
avalanche of them.  I suspect that something close to session granularity
makes sense in the real world; multi-GB HDs tend to be much cheaper than
asking the NSA to guess your keys for you, etc. Of course, you could also
get into escrowing project keys, dept. keys, etc., ad nauseum.

Choosing session granularity is highly recommended when permitting GAK a la
SB 974 :|

-Futplex <futplex at pseudonym.com>





More information about the cypherpunks-legacy mailing list