[Clips] Re: Commercial Key Escrow?

R. A. Hettinga rah at shipwright.com
Sat Jan 21 06:14:01 PST 2006 

--- begin forwarded text


  Delivered-To: clips at philodox.com
  Date: Sat, 21 Jan 2006 09:12:05 -0500
  To: "Philodox Clips List" <clips at philodox.com>
  From: "R. A. Hettinga" <rah at shipwright.com>
  Subject: [Clips] Re: Commercial Key Escrow?
  Reply-To: rah at philodox.com
  Sender: clips-bounces at philodox.com


  --- begin forwarded text


   Cc: "Philodox Clips List" <clips at philodox.com>
   From: Nicko van Someren <nicko at ncipher.com>
   Subject: Re: Commercial Key Escrow?
   Date: Sat, 21 Jan 2006 11:03:20 +0000
   To: "R. A. Hettinga" <rah at shipwright.com>

   On 20 Jan 2006, at 22:58, R. A. Hettinga wrote:

   > --- begin forwarded text
   >
   >   Date: Fri, 20 Jan 2006 14:10:54 -0800
   >   From: ericm at lne.com
   >   To: cypherpunks at jfet.org
   >   Subject: Re: Commercial Key Escrow?
   >   User-Agent: Mutt/1.4.1i
   >   Sender: owner-cypherpunks at jfet.org
   >
   >   On Fri, Jan 20, 2006 at 04:38:56PM -0500, R. A. Hettinga wrote:
   >> At 1:26 PM -0800 1/20/06, ericm at lne.com wrote:
   >>> I'm looking for someone who provides an actual commercial key
   >>> escrow service, not double encryption with a master key.
   >>
   >> One would think that the effect, being the same, creates a
   >> distinction
   >> without a difference?
   >
   >   In some cases, yes.  But not for this application.
   >
   >   I really am looking for a commercial trusted third party to hold
   > keys.
   >
   >   I've found a bunch of references from ~10 years ago that say
   >   that someday commercial key escrow will be prevalent
   >   but it appears that someday hasn't yet arrived.
   >
   >   My problem is in many ways similar to the problem a CA would face
   >   in ensuring business continuity in a business that depends on
   >   keeping secrets.
   >
   >   What does say Verisign do to back up their root CA private keys?
   >   They probably have a bunch of BBN SafeKeypers (or rather the modern
   >   equivalent FIPS-140 hardware).  What if all of them croak at the
   > same time?
   >
   >   Do they keep multiple backups?  What happens if the keys/passphrases
   >   for those backups are lost?
   >
   >   Or secret sharing?  What if N-(K+1) shares are destroyed?  Do they
   >   just quit the CA business then?  There presumeably are scenerios
   >   under which that is the only answer, and Verisign has judged their
   >   possibility to be so remote and/or their solution cost so high
   >   that they are not worth defending against.
   >
   >   What would Verisign do if they didn't have security experts to
   >   decide what's an acceptable risk and what isn't, and instead
   >   just wanted to have someone else deal with the problem for them?

   No matter what sort of architecture one chooses for long term key
   protection it is inevitably going to fail once some threshold
   fraction of the system fails.  With a simply multiple copies system
   you have to have 100% failure, but such a system has poorer security
   properties.  K-of-N threshold schemes fail once you've lost N-(K+1)
   shares but generally have much better security.  It is my
   understanding that Verisign have multiple HSMs for the root and they
   simply go out of their way to keep them very safe.  At nCipher our
   critical keys (such as firmware signing keys) are distributed using a
   threshold scheme and we have procedures in place to periodically
   check the integrity of each share (though never checking more than
   one at a time).

   As far as I know there are no active commercial key escrow services
   around.  One problem is that the half-life of Internet companies is
   short compared to the time people seem to want to keep their keys so
   it would be hard to trust such a company unless it was very carefully
   set up.

   Cheers,
   	Nicko

  --- end forwarded text


  --
  -----------------
  R. A. Hettinga <mailto: rah at ibuc.com>
  The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
  44 Farquhar Street, Boston, MA 02131 USA
  "... however it may deserve respect for its usefulness and antiquity,
  [predicting the end of the world] has not been found agreeable to
  experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
  _______________________________________________
  Clips mailing list
  Clips at philodox.com
  http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

More information about the cypherpunks-legacy mailing list