This talk covers an alternative to key escrows using new cryptographic techniques implemented by the Clevis (client) and Tang (server) projects. Keeping secrets is tough. It is hard enough when you have control over the full computing chain. But now we are expected to keep secrets while storing those secrets in cloud and SaaS infrastructures. At least we can trust the network providers, right? Of course, the answer is to encrypt the data. But then how do we know who should have access to the data and when? This talk will look at the new strategies and cryptographic techniques implemented by the Tang and Clevis open source projects. Tang forgoes complex (and compromise-prone) key management infrastructures by using simple algorithms to bind data to third party entities. Clevis permits sophisticated unlocking policies that go beyond simply password management to true attributed cryptography. Come see how to integrate Tang and Clevis into your infrastructure or software project!