Describe Roots/EscrowAndRecovery/Notary here.

The 2008 Notary Escrow Project

The following describes the Project conducted in late 2008, into 2009, to investigate the escrow of the root into the care of a Dutch Notary. Note that this was the project of that time.

An implication of m20080710.2 is that the third party is external to CAcert, therefore not a Member of the Community nor an Association Member. A (European-style) Notary is indicated for escrow of CAcert Root and Sub-Root certificate private Keys in two separate sealed envelopes (Private key and passwords to the key).

Thought is given to escrow the sealed envelopes with two different third parties. Is there to be one single third party, or multiples, with half (encrypted (Sub-)Root Key) and half (password key) split.

Before escrow is effectuated the amount of Sub-Root Keys to be generated. In November 2008 it was speculated that only two Sub-Root Keys (non-assured and assured) was needed, however two extra (spare) Sub-Root Keys were generated. CPS (still WiP) is defining which Sub-Root Key is used for what.

Reasoning for third party escrow:

Notes by Teus:

6. password root private key? How? N=3 so no one knows the full password?

Number them on envelope in N envelopes. Store them in the envelope and seal the envelope? Separate envelope with order of envelopes?

Store envelopes at notary in Holland?

(Remember: notaries have Diginotar which is a commercial CA. It is a conflict of interest. However they have rulings about this. But notaries have failed in the past.

One envelope with order of envelopes can be put with board?

Should I bring sealing equipment? Old fashioned seal?

Note by iang: moved SSH key / FS encryption key / root account keys discussion to SecurityManual4.3.7.

Notes on some criteria as raised by Ian to Teus on 8th of May 2009:

Recovery From the Notary

Notes on Condition for Recovery:


Procedure for Recovery

See Notary Recovery Conditions. Notary will put the conditions in an Act of Preservation (Acte van Bewaarstelling). The translation to english can be found here.

Relationship to Working Practices

In principle, these processes described are not used except under exceptional circumstances. Normal Sub-Root Key creation is done using the routine internal copies of the root, held by CAcert personnel.