Key Escrow

Alice and Bob can independently choose their escrow agent.
Either might choose not to escrow their copy of the session master key – in which case they will not be able to recover the session from a stored copy of the encrypted session - but they might store an unencrypted session.
If an escrow agent fails or is unavailable, then the session master key may be unavailable.

Transcript

[slide406] So what does key escrow do? Well, you take your key and you give it to your escrow agent. Who holds it? Everyone knows what escrow is? Anyone who doesn't know what escrow is? Okay. Escrow is the idea that if you and another party have a contract, you could say, for instance, let's say you're going to buy a house. I have no idea of this other person. I have no trust in them whatsoever. But I have an escrow agent that I will pay my money to. And when I receive the keys and the contract to take ownership of the house, the escrow agent will pay the money to the other party. Okay. So if the other party doesn't deliver the keys and contract for ownership to me, the escrow agent doesn't pay. Now, escrow is very popularly used in software. So if you're a company and you're selling a product, you might be asked to put the source code for your software in escrow with an escrow agent on the condition that should you go out of business, the company who's bought your software can go to the escrow agent with proof that you're no longer in business, and now they can have access to the source code so they can continue to use it and maintain it. And that might be a condition of sale for particularly very large systems. So escrow agents are supposed to be these parties that you trust. So Alice has her escrow agent. Bob has his escrow agent. When they set up this call, they escrow their session master keys with the escrow agents. Why? Well, in this way, if later Alice gets a court order because the Securities Exchange Commission or the stock market comes and says, we want to be able to listen to the content of that call, Alice can go to her escrow agent and get the key back. That's their job, is to securely store this. Similarly, Bob can do it. Of course, if either escrow agent fails, in this case if Alice's agent were to fail, Alice would lose access to all the previous keys that she had escrowed.