LISTSERV 16.5 - NDSA-INFRASTRUCTURE Archives

Sure.

What I had said in my email was "Long-term secure preservation of the 
decryption keys themselves is typically raised as a concern, although 
personally I feel that solutions to this problem are straightforward, 
albeit complex."

I view this as a compound problem that requires a combination of 
preservation storage principles and security principles to solve.

First, the preservation storage part. There have to be multiple copies 
of the keys. Organizations doing digital preservation should be 
operating at multiple sites, and so it should be straightforward to take 
advantage of this to place copies at the multiple sites - the more the 
better.

Second, the security part. The keys themselves obviously have to be 
secured in some way. This can be done with either additional encryption 
or physical security, ie a locking safe, or both. The key point is that 
this chain ultimately ends in human knowledge, i.e., people have to know 
secrets. The trick is ensuring that enough people know enough secrets to 
eventually lead to the encryption keys. Providing office staff at 
multiple sites with combinations to safes that contain the encrypted 
encryption keys that a more privileged group of repository 
administrators know the secret for is an example of adding multiple 
layers into the scheme.

It is tempting, of course, to think of disaster scenarios where all 
secrets are lost. It's my assertion that this can in turn be addressed 
with multiple sites.

It's impossible to reduce the risk of data loss due to lost keys to zero 
without undermining the encryption itself, but my point is that the risk 
can be brought into an acceptable range with a scheme that is 
well-thought-out by using technology and policy frameworks that we, as 
organizations doing digital preservation, ostensibly already possess.

On 02/15/2012 10:01 PM, Andrew Woods wrote:
> I am interested, Cory (and others), in your ideas around the issue of
> long-term, secure management of the keys themselves. Would you be kind
> enough to elaborate.
> Andrew

############################

To unsubscribe from the NDSA-INFRASTRUCTURE list:
write to: mailto:[log in to unmask]
or click the following link:
http://list.digitalpreservation.gov/SCRIPTS/WA-DIGITAL.EXE?SUBED1=NDSA-INFRASTRUCTURE&A=1