Sure. What I had said in my email was "Long-term secure preservation of the decryption keys themselves is typically raised as a concern, although personally I feel that solutions to this problem are straightforward, albeit complex." I view this as a compound problem that requires a combination of preservation storage principles and security principles to solve. First, the preservation storage part. There have to be multiple copies of the keys. Organizations doing digital preservation should be operating at multiple sites, and so it should be straightforward to take advantage of this to place copies at the multiple sites - the more the better. Second, the security part. The keys themselves obviously have to be secured in some way. This can be done with either additional encryption or physical security, ie a locking safe, or both. The key point is that this chain ultimately ends in human knowledge, i.e., people have to know secrets. The trick is ensuring that enough people know enough secrets to eventually lead to the encryption keys. Providing office staff at multiple sites with combinations to safes that contain the encrypted encryption keys that a more privileged group of repository administrators know the secret for is an example of adding multiple layers into the scheme. It is tempting, of course, to think of disaster scenarios where all secrets are lost. It's my assertion that this can in turn be addressed with multiple sites. It's impossible to reduce the risk of data loss due to lost keys to zero without undermining the encryption itself, but my point is that the risk can be brought into an acceptable range with a scheme that is well-thought-out by using technology and policy frameworks that we, as organizations doing digital preservation, ostensibly already possess. On 02/15/2012 10:01 PM, Andrew Woods wrote: > I am interested, Cory (and others), in your ideas around the issue of > long-term, secure management of the keys themselves. Would you be kind > enough to elaborate. > Andrew ############################ To unsubscribe from the NDSA-INFRASTRUCTURE list: write to: mailto:[log in to unmask] or click the following link: http://list.digitalpreservation.gov/SCRIPTS/WA-DIGITAL.EXE?SUBED1=NDSA-INFRASTRUCTURE&A=1