Re: Expired e-mail addresses


 





On Thu, Aug 17, 2023 at 4:47 PM John Levine <johnl@xxxxxxxxx> wrote:
> It appears that Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> said:
> >> It is certainly doable, but not in a fully automated way.
>
> >See my response to Don. These are real costs but costs I have already
> >considered and assigned to other parties in the Mesh Infrastructure. The
> >Mesh is primarily an infrastructure for securing data at rest. I see you
> >'lose your fancy name' and raise you a 'lose the pictures of the kids at
> >5'. These are hard problems which is why I am focused on them.
>
> Well, OK, here's a not entirely hypothetical example. An IETF
> contributor has recently died. His laptop is locked to his fingerprint
> so we can't get into it. We did get access to his email account. We
> want to update his account so all of the addresses are inactive.
>
> What do we do?
>
> Every real world system I know has some way to do an administrative
> override if you present enough external data, e.g., a death certificate.

There are two separate answers to this question.

1) What does the Mesh support now
2) What sort of approaches might we expect in a full deployment

Right now the Mesh has a single architect who is also the main implementer. That was necessary because the main reason I can do so much with 50K lines of code is through rigorous application of consistency and multiple refactorings. The near term goal is to present a sufficient value proposition to be able to hand it off to a wider community and it is that community that has to address the second question because none of us can anticipate every requirement.

For my own personal use, I am creating separate Mesh groups for my various sets of documents which I want to be secured under a specific security policy, including survival:

@phb-personal : Material that is for myself alone with no access after I am deceased.
@phb-estate : Material related to my estate that is currently only visible to me but will become available to my heirs.
@phb-100year : Material that is currently private but will become visible in 100 years' time.

The release conditions for the last two will be set through use of threshold cryptography.

For @phb-estate, decryption using shares distributed to my solicitors, bankers, etc. for release on production of a death certificate. For @phb-100year, this will require the use of several TTP escrow agents.


Of course, none of this works at any level without forward planning.




 
