584 Chapter 10 • Public Key Infrastructure
In a more advanced key escrow scheme, there may be two or more escrow agencies. The keys are split up and one half is sent to each of the two different escrow companies (see Figure 10.11). Using two different escrow companies is a separation of duties: it prevents any single escrow company from compromising encrypted messages by using a client's key set. (A detailed discussion of separation of duties can be found in Chapter 12.)
TEST DAY TIP
Remember that separation of duties, when referring to escrow, focuses
on requiring two or more persons to complete a task.
Figure 10.11 The Key Escrow Process
[Figure: the user's key is divided into two partial keys, each sent to a separate key escrow server.]
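The two-agency split described above, as an added example that is not from the book. It goes beyond literally cutting the key in half: it uses XOR splitting (a swapped-in technique) so that neither agency's share reveals any key bits on its own, and it keeps the naive halving alongside for comparison. The function names and the SHA-256 fingerprint check are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def fingerprint(key: bytes) -> str:
    """SHA-256 of the key, kept with the escrow record to verify recovery."""
    return hashlib.sha256(key).hexdigest()


def naive_halves(key: bytes) -> tuple[bytes, bytes]:
    """Literal 'one half each' split: each agency learns half the key bytes."""
    mid = len(key) // 2
    return key[:mid], key[mid:]


def split_key(key: bytes) -> tuple[bytes, bytes]:
    """2-of-2 XOR split: share_a is random, share_b = key XOR share_a.

    Either share alone is uniformly random and says nothing about the key.
    """
    share_a = secrets.token_bytes(len(key))
    share_b = bytes(k ^ a for k, a in zip(key, share_a))
    return share_a, share_b


def recover_key(share_a: bytes, share_b: bytes, expected_fp: str) -> bytes:
    """Combine both agencies' shares and reject a wrong or tampered share."""
    if len(share_a) != len(share_b):
        raise ValueError("share length mismatch")
    key = bytes(a ^ b for a, b in zip(share_a, share_b))
    if not hmac.compare_digest(fingerprint(key), expected_fp):
        raise ValueError("recovered key does not match escrow fingerprint")
    return key


if __name__ == "__main__":
    user_key = secrets.token_bytes(32)  # constructed sample 256-bit key
    fp = fingerprint(user_key)

    left, right = naive_halves(user_key)
    print("naive: agency 1 already knows", len(left), "of", len(user_key), "key bytes")

    share_a, share_b = split_key(user_key)
    print("xor:   share_a alone equals key?", share_a == user_key)
    print("xor:   both shares recover key?", recover_key(share_a, share_b, fp) == user_key)
```

With the naive split, a compromise of one agency cuts the remaining search from 256 unknown bits to 128; with the XOR split, one compromised agency leaves all 256 bits unknown.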
Key escrow is a sore spot with many people and companies, because many proposed key escrow schemes are designed to allow a government or law-enforcement authority to have access to keys. Depending on your level of trust in the govern-
www.syngress.com