Commit 1a7564b1 authored by sajolida

Document how to keep the members of the groups up-to-date (#15604)

parent 36be0833
......@@ -104,6 +104,8 @@ There is no expiry date on revocation certificates. One way of
cancelling the revocation power is to destroy all copies of shares of 2
groups amongst B, C, or D.
<a id="invitation"></a>
Invitation email
================
......@@ -236,3 +238,80 @@ to the mailing list.
Thanks, and may the force be with you!
</pre>
Keeping the members of the groups B, C, and D up-to-date
========================================================
At least every 2 years, we make sure that the mechanism still works:
1. We review internally the list of members of each group and decide
possible additions and removals from each group.
1. We write to the list to ask all members to check that they still have
their share and the number in the file name.
<pre>
Subject: update
Hi,
Some years ago, you agreed to be part of a distributed mechanism for the
revocation certificate of the Tails signing key and we sent you a
cryptographic share of this revocation certificate.
Today, we are asking each of you to:
1. Verify that this email is signed by the Tails signing key.
2. Confirm whether you still have in your possession:
- Your share of the revocation certificate.
The file was named tails-signing-key-revocation-cert.asc.NNN, where
NNN is a 3 digit number.
- The number NNN in the file name of your share.
/!\ Please confirm us on tails@boum.org and not on this list. /!\
For the record, the address of the mailing list that you should write to
in case you want to assemble the revocation certificate is:
address@example.org
We are also copying below a summary of the mechanism.
XXX: Copy the invitation email:
XXX: - Include "You can read a complete description of the distribution mechanism on:"
XXX: - Stop before "So, can we count on you for this?"
</pre>
### To add new members
1. Send the [[invitation email|signing_key_revocation#invitation]] to
the new member.
1. If they agree, ask someone else from the same group to send them
their key.
This reveals some membership to other people but it's all-right since
they have the same share.
1. Ask the new member to confirm the reception of their share.
<pre>
Subject: sharing
Hi,
We asked someone else from your group to send you a copy of your share.
Please tell us once you receive it.
The address of the mailing list that you should write to in case you
want to assemble the revocation certificate is:
address@example.org
Thanks, and may the force be with you!
</pre>
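Review bot: step 1 of the new section decides on "possible additions and removals", but the patch only documents "To add new members"; there is no procedure for removals. Since members of one group "have the same share", a removed member still holds a valid share for that group. The section should say what removal means in practice (for example, asking the person to destroy their copy and unsubscribing them from the list) and note that this cannot be enforced. Also, in "To add new members", step 2 says "send them their key" where the rest of the text says "share", and it does not say how the share should be transmitted; stating that it is sent encrypted to the new member would close that gap.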