A variety of "key recovery," "key escrow," and "trusted third party" encryption requirements have been suggested in recent years by government agencies. All key recovery systems require a highly sensitive, highly available, and secure store of secret keys.
Key recovery is sometimes called "key escrow." We use key recovery as a generic term encompassing the various key escrow, trusted third party, and key recovery encryption systems introduced in recent years. Although there are some differences between these systems, the distinctions are not critical for our purposes. A CA can exist without any form of key recovery, and a key recovery infrastructure can exist completely independently of any CA infrastructure. More and more businesses understand the importance of key backup because they must be able to retrieve encrypted data when users lose their decryption keys, forget their passwords, or leave the organization.
Why do we need a key recovery mechanism? Users can lose their keys, in which case you may need to declare those keys "compromised." If a user loses a certificate and its private key, he or she will not be able to read any encrypted mail, which could result in lost data. Having the key escrowed (or in a backup) will allow you to recover that data. But escrow brings its own problem, one that each company must deal with: who will have access to the backups (aka "escrows")? We cannot recommend that all companies have an escrow; in some cases, this could be a violation of the policies and procedures of that company. What we do recommend is that you review the business needs in relation to the security requirements, then make your own decision.
You may also issue two keys, one for encryption and one for signatures. The encryption key will be escrowed, and the signature certificate will not. Why do this? The reason is nonrepudiation: if you back up the signature keys, someone could access the keys and use them illicitly. Following are considerations for having one or more keys and using escrows:
Business requirements
Support requirements
Nonrepudiation requirements
Encryption requirements
Roaming users (in some cases, the certificate with the private key is stored in some type of encrypted directory; don't lose control of this!)
Cost
Protection requirements if an escrow is implemented in your company
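The two-key arrangement described above, worked through as an added example that is not part of the original text: a small Go program (the names UserKeys, EscrowRecord, Encrypt and RecoverFromEscrow are assumed, and RSA-OAEP and Ed25519 are chosen here to stand in for the encryption and signature key pairs) in which only the encryption private key is ever handed to escrow, so encrypted mail can still be recovered after the user loses the key, while no escrowed copy of the signature key exists to undermine nonrepudiation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// UserKeys is the two-key arrangement: an escrowed encryption key pair and a signature key pair that never is.
type UserKeys struct {
	Enc  *rsa.PrivateKey    // escrowed so encrypted mail survives loss of the key
	Sign ed25519.PrivateKey // never escrowed, to preserve nonrepudiation
}

func NewUserKeys() (*UserKeys, error) {
	enc, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	_, sign, err := ed25519.GenerateKey(rand.Reader)
	return &UserKeys{Enc: enc, Sign: sign}, err
}

// EscrowRecord is all the escrow ever receives: the DER-encoded encryption key and nothing else.
func EscrowRecord(k *UserKeys) []byte { return x509.MarshalPKCS1PrivateKey(k.Enc) }

// Encrypt encrypts mail to the user's encryption public key (RSA-OAEP).
func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// RecoverFromEscrow decrypts old mail from the escrowed key after the user has lost theirs or left.
func RecoverFromEscrow(record, ct []byte) ([]byte, error) {
	k, err := x509.ParsePKCS1PrivateKey(record)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, k, ct, nil)
}

func main() {
	u, _ := NewUserKeys()
	record := EscrowRecord(u) // deposited with the escrow at enrolment time
	ct, _ := Encrypt(&u.Enc.PublicKey, []byte("constructed sample mail"))
	pt, err := RecoverFromEscrow(record, ct) // works even after u is gone
	fmt.Println(string(pt), err)
}
```

Who may read the escrow record, and how it is protected at rest, is exactly the access-control question the considerations above ask you to settle before deploying this.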