disaster-recovery-website/_layouts/landing.html

<!DOCTYPE html>
<html lang="{{ page.lang | default: site.lang | default: en }}">
{%- include head.html -%}

<body>
    <div class="container">

        {%- include header.html -%}

        <main>
            <section class="flex-container">
                <div class="flex-container-inner">
                    <h1>Distrust Key Escrow</h1>
                    <p>The only fully open source, technology agnostic key escrow service.</p>
                    <a href="/contact.html" class="action-button">Documentation</a>
                    <a href="/contact.html" class="action-button">Join Waitlist</a>
                    <br />
                </div>
            </section>

	    <br />
            <section class="flex-container">
                <div class="flex-container-inner">
<style>
.cta-well {
	background: white;
	border-radius: 20px;
}
.cta-well > p {
	color: blue;
}
</style>
			<div class="cta-well">
		    <!--TODO: put this in a white well with blue text to draw attention to it, border radius 15px-->
			    <h1>Quick Start</h1>
			    <p>If you are ready to protect your data, you can use the <a href="dke.distrust.co/wizard">wizard</a> which will walk you through the process.</p>
			</div>
                </div>
            </section>

	    <br />

            <section class="flex-container">
                <div class="flex-container-inner">
		    <h1 style="text-align: center">How it Works</h1>

                    <h2>Backup</h2>
                    <h3>1. Generate a recovery key</h3>
                    <p>Any kind of key may be used, but recommendations for the type of key to use and how to manage its lifecycle can be found <a href="todo">here</a></p>

                   <h3>2. Define recovery rules.</h3>
                   <p>The standardized Distrust Key Escrow policy can be used to set rules for conditions under which the key can reclaimed.</p>

                   <h3>3. Encrypt data and back it up.</h3>
                   <p>The client is responsible for redundantly backing up data. This is to ensure that Distrust Key Escrow has no way to access the data.</p>
                </div>
            </section>

            <section class="flex-container">
                <div class="flex-container-inner">
                    <h1>Recovery</h1>

                    <h3>1. Lose access to your data (oops...)</h3>
                    <p>Data loss, even with great controls sometimes isn't fully prevented.</p>

                    <h3>2. Submit verifiable recovery request.</h3>
                    <p>Submit a request to recover the data, which will be checked against the recovery rules.</p>
                    
                    <h3>3. Your recovery key is returned.</h3>
                    <p>The key which is held in escrow by Distrust Key Escrow is re-encrypted to a key provided by the client and released from escrow. This is to ensure that we never have access to your data in plaintext, only the key that you used to encrypt it.</p>
                </div>
            </section>

            <section class="flex-container">
                <div class="flex-container-inner">
                    <h1 style="text-align: center">Security</h1>
                    <h3>Reproducible Builds</h3>
                    <p>Being able to ensure that all of the software that's used for the QKM system is essential. Learn more about why <a href="todo">here</a></p>

                    <h3>Full Source Bootstrapped</h3>
                    <p>Being able to verify the compiler by <a href="">bootstrapping</a> it in order to ensure it is not capable of injection malicious code at runtime is an essential part of supply chain security.</p>

                    <h3>Side Channel Attack Resistance</h3>
                    <p>Attacks that are able to exfiltrate data via non standard channels is an important consideration when handling sensitive cryptographic material.</p>

                    <h3>Cold Key Management</h3>
                    <p>Ensuring that the lifecycle of cryptographic material is handled in a fully air-gapped environment helps drastically reduce surface area for attacks.</p>

                    <h3>Multi Party Access Control</h3>
                    <p>Because eliminating single points of failure is an effective way to reduce the likelihood of compromise is a core control mechanism for DKM.</p>
                </div>
            </section>

            <section class="flex-container">
                <div class="flex-container-inner">
                    <h1 style="text-align: center">The Approach</h1>
                    <p>Distrust Key Escrow has been designed with the utmost care to eliminate single points of failure to ensure that your backups are inaccessible by any single individual, under any circumstances.</p>
		    <p>This may seem like a big claim, but all our processes and software are fully open source - so you can verify for yourself. If you still don't trust us, that's okay, you can use our blueprint to set up the QKM system youself - and we invite you to do so. You can find the documentation on how QKM works <a href="https://docs.distrust.co/qkm">here</a></p>

                    <p>Most, if not all current commercial backup/disaster recovery systems have many single points of failure and sell a service which is simply not suited for many contexts - especially for backing up digital asset wallets. The lack of transparency on how their systems work means that you as the end user can't verify whether their approach to security matches your desired threat model, and you are left with blind trust, rather with transparency.</p>
                </div>
            </section>
        </main>
        {%- include footer.html -%}
    </div>
</body>

</html>