1997-10-14 - commercial data recovery

Header Data

From: Zooko Journeyman <zooko@xs4all.nl>
To: aba@dcs.ex.ac.uk
Message Hash: 02384e50bb32ddbf69855f12187af0b3bd89a5759e9e3cde4f7146146453cf9e
Message ID: <199710141053.MAA03610@xs1.xs4all.nl>
Reply To: N/A
UTC Datetime: 1997-10-14 11:17:16 UTC
Raw Date: Tue, 14 Oct 1997 19:17:16 +0800

Raw message

From: Zooko Journeyman <zooko@xs4all.nl>
Date: Tue, 14 Oct 1997 19:17:16 +0800
To: aba@dcs.ex.ac.uk
Subject: commercial data recovery
Message-ID: <199710141053.MAA03610@xs1.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain



[Note-- I am not subscribed to ietf-open-pgp at this time.  My
 apologies if this submission from a non-subscriber is 
 unwanted.  I will be brief.  --Zooko]


Adam, I applaud your effort to steer discourse toward 
productive work re: GAK, CMR, CDR.  I haven't thought about 
your idea enough to have a definite opinion, but at first blush
it seems a promising strategy to design high-security and 
forward-secrecy for communication but recovery/sharing features
for stored data.


I wonder if it is too much early-days to start talking about
advanced protocols e.g. secret-splitting in IETF-Open-PGP?  
Probably so.  Better just punch out a standard with current
tech...



Hm.  What about the idea of storing your data remotely (for
cost-efficiency, safety, etc.) using encryption to maintain 
your privacy?  In that case, the distinction between comms and
storage keys is blurred.  A company may choose to e.g. store 
all long-term data at Zooko's Backup Server, encrypted in such
a way that some combination of corporate keys (controlled by 
individual employees and/or departments) is necessary to 
decrypt each package of data.  This would open the door, as you
fear, for a government to mandate that _its_ key be added to 
each set, with authority to open any package even without the 
cooperation of any corporate keys.


I'm not sure how to weigh the relative risks and benefits.  
I (ever so humbly) think that Zooko's Backup Server would be a
great value for businesses, and that part of that value would
be the ability to make data unlockable by various keys, both
for administrative/internal security purposes and for 
robustness against accidents and saboteurs.


Zooko's Backup Server can be physically located in a country 
free of such intrusive organizations, but of course it is the
intrusive organizations of the _client's_ country that become
important with that kind of protocol...


Regards,

Zooko

P.S.  There is already a company whose name I have forgotten 
that offers hard-drive backups over TCP/IP.  They use some 
encryption but I don't know how strong.
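Zooko's "encrypted in such a way that some combination of corporate keys ... is necessary to decrypt each package of data" is exactly what a threshold secret-sharing scheme provides, and it is the "advanced protocol" he asks whether it is too early to discuss. The Python below is an added example, not code from the original message or from any product it mentions. It assumes a stored package is encrypted under a symmetric data-encryption key (DEK) and splits that DEK with Shamir's scheme so that any k of n corporate holders can recover it while k-1 holders learn nothing; the department names and the 2-of-4 policy in `demo()` are illustrative assumptions.

```python
"""Threshold (k-of-n) sharing of a data-encryption key (added example).

Not from the original message. Assumes the stored package is encrypted under a
symmetric DEK; the DEK is then split with Shamir's scheme over a prime field so
that any k of the n corporate key holders can reconstruct it.
"""
import secrets

# Prime field for the polynomial arithmetic. 2**255 - 19 (the Curve25519 field
# prime) comfortably exceeds any 128-bit DEK, so the secret is a field element.
P = 2**255 - 19


def _poly_eval(coeffs, x):
    """Evaluate sum(coeffs[i] * x**i) mod P by Horner's rule; coeffs[0] is the secret."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_dek(dek, k, n):
    """Split a DEK (bytes) into n shares (x, y); any k of them reconstruct it."""
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n")
    secret = int.from_bytes(dek, "big")
    if secret >= P:
        raise ValueError("DEK too large for the field")
    # Random polynomial of degree k-1 whose constant term is the secret.
    # k-1 points leave the constant term uniformly undetermined.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _poly_eval(coeffs, x)) for x in range(1, n + 1)]


def combine_int(shares):
    """Lagrange-interpolate the shares' polynomial at x = 0 and return the field element."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P        # (0 - xj)
                den = den * (xi - xj) % P    # (xi - xj)
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def recover_dek(shares, length=16):
    """Return the DEK bytes, or None if the shares do not yield a `length`-byte value.

    With fewer than k shares the interpolated value is a uniformly random field
    element, which almost never fits in `length` bytes; that is reported as None.
    """
    value = combine_int(shares)
    if value >= 1 << (8 * length):
        return None
    return value.to_bytes(length, "big")


def demo():
    """2-of-4 sharing among hypothetical departments (names are illustrative)."""
    dek = secrets.token_bytes(16)
    holders = ["CEO", "Finance", "Engineering", "IT"]
    shares = dict(zip(holders, split_dek(dek, k=2, n=4)))
    # Any two departments together can open the package...
    if recover_dek([shares["Finance"], shares["IT"]]) != dek:
        return False
    # ...but one department alone recovers nothing useful.
    if recover_dek([shares["CEO"]]) == dek:
        return False
    return True
```

One caveat the message raises falls straight out of the construction: a key with "authority to open any package even without the cooperation of any corporate keys" cannot be one share of a k-of-n scheme with k >= 2, because no single share determines the constant term. It has to be a separate copy of the DEK wrapped to that key, so the effective policy becomes "k of n corporate holders OR the mandated key alone", and the threshold then offers no protection against that holder or against anyone who compromises it.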