Re: [Cfrg] [Mathmesh] A different approach to key escrow

Phillip Hallam-Baker <phill@hallambaker.com> Mon, 09 September 2019 15:09 UTC

From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Mon, 09 Sep 2019 11:09:10 -0400
Message-ID: <CAMm+Lwgw1we0NJrmQGP9Lgd8jpCvbg=L1q1NY6RrC0tShogVJg@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: mathmesh@ietf.org, cfrg@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/oIyVO_I8VO2wWfdsfYvDKnga-ro>

On Sun, Sep 8, 2019 at 7:45 AM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> I understand now. The master escrow key can be used to escrow both
> asymmetric private keys, but also to escrow session-level keys used for
> specific purposes (such as the disk encryption example)
>

Yes, sorry for the confusion. I am trying to unpack this all and make two
video presentations describing first what the Mesh is trying to do and
second the components used to do it.

The three big problems I see in Internet security are:
1) Managing and credentialing the users' keys across their many devices.
2) Managing and accepting contact information including public keys of
other users and services.
3) Securing data at rest.

The mechanism required to address any one of these by itself is only
slightly less than the mechanism required to solve all three