Hello tor-talk!

I have an operations question for those in high-security orgs:

* How do you manage your private keys?
* How do you recover from a key-compromise?

I ask because there's talk among Singaporean financial tech firms about migrating to more transparent (yay!) blockchain-based cryptoledgers, but a sticking point for management is how to reliably recover from theft of private keys.

I understand there exist real-world practices like cold-storage as well as cryptographic practices like requiring a quorum of n keys and then regenerating a stolen key from the quorum. However, I am seeking something more concrete for how it all fits together. And I figured that if any group of people is both competent and transparent enough to discuss this, it's tor-talk.

I am currently under the impression that this is a largely-solved problem, but often requires domain-specific knowledge/techniques. Ergo, I ask.

A paragraph or two overview of the gist would be fine. Whatever you write I will probably polish into something non-h4x0rs can understand.

Thanks much,
-Virgil

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
