At 06:04 PM 8/13/2015, John Levine wrote:
> Also scalability. In the Apple iMessage system, every user has a
> separate key pair and only sends the public key to the Apple
> directory. How do you fragment and escrow all umpteen million of
> the private keys?

You don't. You create some number of key pairs for escrow and each session key
is encrypted under both the normal key pair and one of the escrow key pairs.
After that it's mostly a database problem - but lots of communities deal with
very large data set management. If you want better policy control you impose
some sort of N of K model to reconstitute the encrypted keys.
I'm not recommending this or opposing it - just saying that it's possible in
pretty much any case to design some sort of key recovery system that meets a
specific policy and that is manageable. Even for 100s of millions of keys.
Mike