[754] in cryptography@c2.net mail archive


Re: key recovery vs data backup

daemon@ATHENA.MIT.EDU (Paul Robichaux)
Thu May 8 12:30:28 1997

In-Reply-To: <199705080315.UAA00220@crypt.hfinney.com>
Date: Thu, 8 May 1997 08:15:20 -0600
To: cryptography@c2.net
From: Paul Robichaux <paul@ljl.com>

Hal Finney wrote about Blaze's "Net Escrow":

>The closest system I know to this is Matt Blaze's "Oblivious Key Escrow",
>also called "Net Escrow", at ftp://research.att.com/dist/mab/netescrow.ps
>(or .tex).  In this system the secret key is split into thousands of shares
>which are cast onto the Internet winds like dandelion seeds.  To recover
>a key you broadcast a call for shares, and those random parties who ended
>up with the proper pieces can supply them.  Because of the broadcast, the
>key holder inevitably finds out about the recovery.
>
>In this form it is not really suitable for business use.

Neither were early web servers. A small, lightweight OKE server that can be
run on many machines within an organization solves the problem nicely. Any
company that has an intranet could easily include this in their standard
server distribution. An alternative would be to use OS-level replicators
like Microsoft's replication service or the freely available "mirror"
package to keep the dandelion seeds flowing around the intranet.

This might make an interesting spare-time project.

Cheers,
-Paul

--
Paul Robichaux	   |  LJL Enterprises, Inc.
paul@ljl.com	   | "We are barbarian hordes; appease us with information or
<http://www.ljl.com> |   we will ravage the countryside." -- David McCusker
Author, _Windows NT Server 4 Administrator's Guide_, ISBN 0761507515 (Prima)
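
Added example, not part of the original post or of Blaze's paper: a sketch of the share-and-broadcast recovery described in the quoted text, run against a handful of intranet share servers as the reply suggests. The Shamir threshold split, the `Holder` class, and every name and parameter here are assumptions made for illustration; the post does not name a splitting method.

```python
import secrets

P = 2**127 - 1  # Mersenne prime; assumed field size, secrets must be < P

def split(secret, k, n):
    """Shamir split (assumed scheme): any k of the n shares recover the secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation of the polynomial
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def combine(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

class Holder:
    """Hypothetical intranet share server: one share, and a log of requests."""
    def __init__(self, key_id, share, online=True):
        self.store = {key_id: share}
        self.online = online
        self.log = []                   # what the key holder can later audit

    def request(self, key_id, requester):
        if not self.online:
            return None
        self.log.append((key_id, requester))
        return self.store.get(key_id)

def broadcast_recover(holders, key_id, requester, k):
    """Ask every holder; recovery works if at least k of them answer."""
    replies = [h.request(key_id, requester) for h in holders]
    shares = [s for s in replies if s is not None]
    if len(shares) < k:
        raise ValueError("not enough shares answered the broadcast")
    return combine(shares[:k])
```

Every holder that answers has also recorded who asked, which is the property the quoted text points to: recovery cannot happen without leaving a trail on the machines that held the shares.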


