cbrownstein
tails
Commits
1a7564b1
Commit
1a7564b1
authored
Jun 22, 2019
by
sajolida
Document how to keep the members of the groups up-to-date (#15604)
parent
36be0833
Changes
1
wiki/src/doc/about/openpgp_keys/signing_key_revocation.mdwn
...
...
@@ -104,6 +104,8 @@ There is no expiry date on revocation certificates. One way of
cancelling the revocation power is to destroy all copies of shares of 2
groups amongst B, C, or D.
<a id="invitation"></a>
Invitation email
================
...
...
@@ -236,3 +238,80 @@ to the mailing list.
Thanks, and may the force be with you!
</pre>
Keeping the members of the groups B, C, and D up-to-date
========================================================
At least every 2 years, we make sure that the mechanism still works:
1. We review internally the list of members of each group and decide
possible additions and removals from each group.
1. We write to the list to ask all members to check that they still have
their share and the number in the file name.
<pre>
Subject: update
Hi,
Some years ago, you agreed to be part of a distributed mechanism for the
revocation certificate of the Tails signing key and we sent you a
cryptographic share of this revocation certificate.
Today, we are asking each of you to:
1. Verify that this email is signed by the Tails signing key.
2. Confirm whether you still have in your possession:
- Your share of the revocation certificate.
The file was named tails-signing-key-revocation-cert.asc.NNN, where
NNN is a 3 digit number.
- The number NNN in the file name of your share.
/!\ Please confirm us on tails@boum.org and not on this list. /!\
For the record, the address of the mailing list that you should write to
in case you want to assemble the revocation certificate is:
address@example.org
We are also copying below a summary of the mechanism.
XXX: Copy the invitation email:
XXX: - Include "You can read a complete description of the distribution mechanism on:"
XXX: - Stop before "So, can we count on you for this?"
</pre>
### To add new members
1. Send the [[invitation email|signing_key_revocation#invitation]] to
the new member.
1. If they agree, ask someone else from the same group to send them
their key.
This reveals some membership to other people but it's all-right since
they have the same share.
1. Ask the new member to confirm the reception of their share.
<pre>
Subject: sharing
Hi,
We asked someone else from your group to send you a copy of your share.
Please tell us once you receive it.
The address of the mailing list that you should write to in case you
want to assemble the revocation certificate is:
address@example.org
Thanks, and may the force be with you!
</pre>
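Review bot: In "To add new members", step 2 says "send them their key", while the next sentence and the "sharing" template both call the object a share; use "share" here so nobody reads it as a request to forward key material, and say how the share should be sent, since the step names no channel. The first step of the review mentions "additions and removals", but only additions get a procedure: add a "To remove members" subsection that says what removal means for a share already handed out, given that the context above the first hunk states the revocation power is cancelled only by destroying copies of shares. In the "update" template, "Please confirm us on tails@boum.org" would read better as "Please confirm to us at tails@boum.org", and the three XXX lines inside the `<pre>` should be marked as instructions to the sender so they are not mailed verbatim. "At least every 2 years" also names no owner or reminder, so it is worth stating who triggers the review.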