Who Can Perform Key Recovery?
Another issue around key recovery involves who is authorized to do it. Giving someone key recovery privileges implies that they are being given the ability to obtain ANYONEs keys, and can decrypt any private messages and perhaps even digitally sign messages with others identity. Therefore, personnel given this privilege should be highly trusted, and appropriate record-keeping methods should be in effect to help ensure that this privilege is not abused.
Because of the significant exposure presented by a single person having key recovery privileges, organizations have come up with a variety of ways to see that the cooperation of multiple staffers is required to recover a key. This is implemented differently depending on the key escrow system used, but usually involves some degree of M of N control, which is described in the next section.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.