At 06:04 PM 8/13/2015, John Levine wrote: >Also scalability. In the Apple iMessage system, every user has a >separate key pair and only sends the public key to the Apple >directory. How do you fragment and escrow all umpteen million of >the private keys? You don't. You create some number of key pairs for escrow and each session key is encrypted under both the normal key pair and one of the escrow key pairs. After that's its mostly a database problem - but lots of communities deal with very large data set management. If you want better policy control you impose some sort of N of K model to reconstitute the encrypted keys. I'm not recommending this or opposing it - just saying that its possible in pretty much any case to design some sort of key recovery system that meets a specific policy and that is manageable. Even for 100s of millions of keys. Mike