[145642] in cryptography@c2.net mail archive
Re: Is this the first ever practically-deployed use of a threshold
daemon@ATHENA.MIT.EDU (mheyman@gmail.com)
Wed Aug 11 20:27:46 2010
In-Reply-To: <E1OfWRT-0003HK-SM@wintermute02.cs.auckland.ac.nz>
Date: Wed, 11 Aug 2010 15:56:49 -0400
From: "mheyman@gmail.com" <mheyman@gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: cryptography@metzdowd.com
On Sun, Aug 1, 2010 at 7:10 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> ...does anyone know of any significant use [of split keys] by
> J.Random luser? I'm interested in this from a usability point
> of view.
>
Maybe not J.Random but J.Corporate...
A few jobs ago back in the late '90s, I worked for Network Associates
which had bought PGP (the company). We instituted the use of PGP (the
technology) corporate-wide for email and encrypted disk volumes. PGP
allows for enforceable key recovery - corporate clients demanded it.
Our corporate key recovery key was split into, I think, 5 parts with 3
parts required for key recovery. The parts were held by various
corporate executive/officer types.
The PGP product mostly hid from the end user the fact that every
PGP-encrypted thing had an encrypted private key along with it (you
could poke around and see the key recovery blob if you really wanted
to).
I don't know what the key recovery UI looked like.
>
> As a corollary, has anyone gone through the process of recovering a key from
> shares held by different parties...?
>
It just so happens, I lost my PGP private key a year or two into this
(failed to copy it when transferring to a new desktop). We had
well-documented procedures for key recovery. I never got my key or data
back. I was never informed why. Perhaps the seldom-used key recovery
software had bugs and wouldn't work for my key, or we couldn't get the
required bigwigs into one room, or, probably most likely, at least
three bigwigs lost their shares.
----
Michael Heyman