Brad Ideas - Friendscrow -- Key Escrow Among Friends - Comments

brad — Wed, 12 May 2004 18:04:13 -0700

What’s different is that a paper at home will burn with your house, and one elsewhere can be taken with a subpoena (without your knowledge in some cases.)

Your friends are hopefully your friends, not about to conspire like this (unless you are dead) and they must (a) figure out who all the friends are and (b) not contact a friend who is opposed to the idea and will warn you.

Finally, as drafted above, the system can be totally automatic. The user literally does nothing, may not even be aware the key escrow is going on. The friends do nothing, are not aware they are holding fragments of the key. Only when you lose a key, or die, and you click on the help page for “how to get my key back” do you learn of the system that pre-distributed your key fragments, and how to use it to get them back. As a system that works with no user interface, it’s superior to many other systems because it would, unlike them, actually be used.

Paul — Wed, 12 May 2004 16:07:38 -0700

I'm missing how this improves over a little piece of paper locked in a box somewhere (box at home, safe deposit box, lawyer's offic), or a floppy disk with the codes intact.

If I can recover my keying data from my friends, my friends can rebuild my keying data without my help: not really one of my privacy goals.

At the suggestion of a friend, I'm using a USB flash drive on my keychain to store all my Internet "keys". I keep most of my passwords under PasswordSafe, so I can remember my (long) KeyPhrase from frequent use, and every now and then I'll back up the database to a floppy to be locked away. (Without advertising the tool, I no longer even know many of my own passwords.)

I'm hoping I won't have to wait more than a year or two before my contacts can be added to the chain in a usable fashion.

And hopefully, new services will require significant signature data for authentication in order to avoid certain of the problems we're currently facing with email ... so we'll have much more than one key to store (either locally, or with our 'eScareCrows').

Jim Griffith — Thu, 29 Apr 2004 07:28:18 -0700

I'm wary of automated systems which tell unsuspecting people "just go do this - it's safe". I recently encountered some address book synching software called Plaxo, which has a feature where the user clicks on a button and it sends out mail to everyone in the address book saying "I'm updating my information - please make sure this is correct". The catch is that the return address isn't the user - it's a Plaxo address, and Plaxo somehow later synchs up the user's information. I had to do net searches before I figured out that it probably was legitimate. But there's a fine line between "click this, don't worry about it, and everything is fine" and "click this, don't worry about it, and I'm phishing or trolling for email addresses", and I have an immediate dislike of mechanisms that lend themselves towards easy abuse by malicious people.

Mel Ruttan — Wed, 28 Apr 2004 02:36:18 -0700

Or use the "Deadman's Switch" at
http://daisyman.arsware.org/dms/

JohnO — Tue, 27 Apr 2004 10:21:31 -0700

I'm surprised no one has come up with this before.

It automates the "Give a friend a sealed envelope." that has been a staple of many mystery and spy stories.

Friendscrow -- Key Escrow Among Friends

brad — Tue, 27 Apr 2004 09:43:34 -0700

In thinking about the GMail encryption problem, I came to realize that for ordinary users liable to forget their passwords, it would not be suitable to tell them after such an event that all their email archives are forever lost. This means some sort of Key Escrow. Not the nasty kind done with the clipper chip, but one done voluntarily.

I came up with a system I call Friendscrow. (I suspect others have also thought of the same thing.) This is a ZUI (Zero User Interface) system, at least for normal operation.

Your key would be broken up into some number of fragments, say 20. The fragments would be arranged so that getting any 10 of them recovers the key, but getting fewer gets you no closer.

The system would search your mail logs to find your 20 most frequent correspondents in the system. (It has to be a big and popular system for this to take place, otherwise some UI is needed.) Most of these will be your friends, a few may be enmies. Techniques would be used to eliminate mailing lists, etc. If you want to add basic UI, you might scan and approve the list.

The key fragments are then distributed to the 20 close contacts. They will not know this has been done, the fragement will just be placed in their files, encrypted with their key.

If you lose your key (or when you die) you use your friends to get it back. You mail those you know to be your closest correspondents a special message. It says to them, "You may not know it, but you may have a fragment of my lost key. Go to the system and click on the link to help a friend recover a password."

The link explains that you should first confirm you are really talking to the friend through some other means than e-mail. Or confirm that they are dead. It will ask you to confirm they are not under duress. Then it will give you the fragment to hand over to the authorized person.

You should be able to find half the fragments, which would be enough to get back your key, and read your archives again.