# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2016-11-08 18:06+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Plain text #, no-wrap msgid "[[!meta title=\"Revocation of the Tails signing key\"]]\n" msgstr "" #. type: Plain text msgid "" "This document proposes a mechanism for the distribution and activation of " "the revocation certificate of the Tails signing key." msgstr "" #. type: Title = #, no-wrap msgid "Goals\n" msgstr "" #. type: Plain text msgid "Covered by current proposal:" msgstr "" #. type: Plain text #, no-wrap msgid "" " A. Prevent any single individual from revoking our signing key.\n" " B. Allow a coalition of people from tails@boum.org to revoke our signing key\n" " in case most of the people from tails@boum.org become unavailable.\n" " C. Allow a coalition of people, not necessarily from tails@boum.org, to\n" " revoke our signing key in case everybody or almost everybody from\n" " tails@boum.org becomes unavailable.\n" " D. Make it hard for a coalition of people not from tails@boum.org to revoke\n" " our signing key unless everybody or almost everybody from tails@boum.org\n" " becomes unavailable.\n" " E. People not from tails@boum.org shouldn't know how the shares are spread\n" " and who has them.\n" " F. People in possession of a share of the signing key should have\n" " instructions on how to use it if needed.\n" msgstr "" #. type: Title = #, no-wrap msgid "Groups\n" msgstr "" #. type: Plain text msgid "We define four complementary groups of trusted people:" msgstr "" #. type: Bullet: ' - ' msgid "Group A: people from tails@boum.org themselves" msgstr "" #. type: Bullet: ' - ' msgid "Group B" msgstr "" #. type: Bullet: ' - ' msgid "Group C" msgstr "" #. type: Bullet: ' - ' msgid "Group D" msgstr "" #. type: Plain text msgid "" "All these people should have an OpenPGP key and understand what a revocation " "certificate is." msgstr "" #. type: Title = #, no-wrap msgid "Cryptographic shares\n" msgstr "" #. type: Plain text msgid "" "We generate a revocation certificate of the signing key and split it into a " "number of cryptographic shares, using for example Shamir's secret sharing " "scheme implemented by `gfshare`." msgstr "" #. type: Plain text msgid "" "The following combinations of people could get together and reassemble their " "shares to reconstruct a complete revocation certificate:" msgstr "" #. type: Bullet: ' - ' msgid "Three people from tails@boum.org: A{3}" msgstr "" #. type: Bullet: ' - ' msgid "" "Two people from tails@boum.org and one person not from tails@boum.org: A" "{2}+(B|C|D)" msgstr "" #. type: Bullet: ' - ' msgid "" "One person from tails@boum.org, and two people not from tails@boum.org but " "from two different groups: A+(B|C|D){2}" msgstr "" #. type: Bullet: ' - ' msgid "" "Three people not from tails@boum.org but from three different groups: (B+C+D)" "{3}" msgstr "" #. type: Plain text msgid "We generate these shares:" msgstr "" #. type: Bullet: ' - ' msgid "N shares, one for each person from tails@boum.org" msgstr "" #. type: Bullet: ' - ' msgid "1 share for people in group B" msgstr "" #. type: Bullet: ' - ' msgid "1 share for people in group C" msgstr "" #. type: Bullet: ' - ' msgid "1 share for people in group D" msgstr "" #. type: Title = #, no-wrap msgid "Who knows what\n" msgstr "" #. type: Bullet: ' - ' msgid "People from tails@boum.org know the composition of each group" msgstr "" #. type: Plain text #, no-wrap msgid "" " - People not from tails@boum.org:\n" " - Are explained in which circumstances they should revoke the signing key\n" " - Are told to write to a certain contact email address if they decide to revoke the signing key\n" " - Are told that they need three different shares to reassemble the revocation certificate\n" msgstr "" #. type: Title = #, no-wrap msgid "Infrastructure\n" msgstr "" #. type: Bullet: ' - ' msgid "Everybody who owns a share is subscribed to a mailing list." msgstr "" #. type: Bullet: ' - ' msgid "" "This mailing list is hosted on a trusted server different from boum.org to " "be more resilient than our usual communication channels." msgstr "" #. type: Title = #, no-wrap msgid "Changing the members of the groups B, C, or D\n" msgstr "" #. type: Plain text msgid "To add someone to a given group:" msgstr "" #. type: Bullet: ' - ' msgid "" "Request someone from that group to send her share to the new person in the " "group." msgstr "" #. type: Plain text msgid "To remove someone from a given group:" msgstr "" #. type: Bullet: ' - ' msgid "Send new shares to everybody except to the person who is being removed." msgstr "" #. type: Bullet: ' - ' msgid "" "Request everybody to delete their previous share and track this. Once " "everybody in 2 groups amongst B, C, or D have deleted their share, it " "becomes impossible for them to reassemble the revocation certificate with " "the previous set of shares." msgstr "" #. type: Bullet: ' - ' msgid "Let's hope that this doesn't happen very often :)" msgstr "" #. type: Title = #, no-wrap msgid "Expiry\n" msgstr "" #. type: Plain text msgid "" "There is no expiry date on revocation certificates. One way of cancelling " "the revocation power is to destroy all copies of shares of 2 groups amongst " "B, C, or D." msgstr "" #. type: Title = #, no-wrap msgid "Email to members of the groups\n" msgstr "" #. type: Plain text #, no-wrap msgid "" "
\n"
"Subject: distribution\n"
msgstr ""

#. type: Plain text
msgid "Hi,"
msgstr ""

#. type: Plain text
msgid ""
"We want to propose you to be part of a distributed mechanism for the "
"revocation certificate of the Tails signing key."
msgstr ""

#. type: Plain text
msgid ""
"The idea is to distribute cryptographic shares of this revocation "
"certificate to people that we trust. These cryptographic shares can be put "
"together to reassemble the revocation certificate and revoke the Tails "
"signing key. This may be needed in case something really bad happens to us "
"and we are not able to do the revocation ourselves."
msgstr ""

#. type: Plain text
msgid ""
"Note: In all this document, 'us' refers to the set of people subscribed to "
"tails@boum.org which is a Schleuder mailing list."
msgstr ""

#. type: Plain text
msgid ""
"You can read a complete description of the distribution mechanism on https://"
"tails.boum.org/contribute/signing_key_revocation. The recipe is public and "
"the only secret component is the list of people who are in possession of the "
"cryptographic material."
msgstr ""

#. type: Plain text
msgid ""
"We are proposing this to you because we trust in both your technical "
"abilities to store your share in a safe place and manipulate it as required "
"but also because we trust in you as a human being to make informed judgment "
"on when to use your share and act only in the interest of Tails."
msgstr ""

#. type: Plain text
msgid "The bad things that could happen if the mechanism fails are:"
msgstr ""

#. type: Plain text
msgid ""
"A. The signing key is not revoked while it should be. This could allow "
"possible attackers to distribute malicious Tails ISO images or publish "
"malicious information on our name."
msgstr ""

#. type: Plain text
msgid ""
"B. The signing key is revoked when it should not have been. This would "
"prevent people from verifying our ISO images with OpenPGP until we publish a "
"new signing key."
msgstr ""

#. type: Title =
#, no-wrap
msgid "Distribution of the shares\n"
msgstr ""

#. type: Plain text
msgid ""
"Each person from tails@boum.org, group A, has a *different* share, A1, "
"A2, ..., An."
msgstr ""

#. type: Plain text
msgid ""
"On top of this, we defined three complementary groups, B, C, and D of "
"trusted people who have a close relationship with Tails but different "
"interests and different access to information about us. You are part of one "
"of these groups."
msgstr ""

#. type: Plain text
msgid "Everybody in group B has an *identical* share B."
msgstr ""

#. type: Plain text
msgid "Everybody in group C has an *identical* share C."
msgstr ""

#. type: Plain text
msgid "Everybody in group D has an *identical* share D."
msgstr ""

#. type: Plain text
msgid ""
"Three different shares are needed to reassemble the revocation certificate. "
"For example, shares A1, A2, and A3, or shares A1, B, and C."
msgstr ""

#. type: Title =
#, no-wrap
msgid "How to store your share\n"
msgstr ""

#. type: Plain text
msgid ""
"Please keep your share in an encrypted storage and make it as hard as you "
"can for untrusted people to get a copy of it."
msgstr ""

#. type: Plain text
msgid ""
"You can rename the file as long as you keep the number in the file name of "
"your share as it is needed to use the share."
msgstr ""

#. type: Plain text
msgid ""
"Feel free to back up the file but we might also request you to delete it at "
"some point and you should be able to know whether you still have a copy of "
"it or not. It is all-right to lose your share as long as you tell us that "
"you have lost it. It is actually worse to still have a copy of the share "
"\"somewhere\" while thinking that you don't, than to lose it by mistake."
msgstr ""

#. type: Plain text
msgid ""
"Don't hesitate to ask us if you need clarification on the technical aspects "
"of this."
msgstr ""

#. type: Title =
#, no-wrap
msgid "When to use your share\n"
msgstr ""

#. type: Plain text
msgid "Everybody in possession of a share is subscribed to a mailing list:"
msgstr ""

#. type: Plain text
#, no-wrap
msgid "    $MAILING LIST\n"
msgstr ""

#. type: Plain text
msgid ""
"If someone in possession of a share gets to learn about a very bad event "
"that happened to many of us and really thinks that we are not capable of "
"revoking the Tails signing key ourselves anymore, then this person should "
"write to the mailing list explaining why she thinks that the signing key "
"needs to be revoked."
msgstr ""

#. type: Plain text
msgid ""
"Yes, there is no mathematically proven algorithm for this and here is where "
"your judgement as a human being is needed. The description of the very bad "
"event should be checked or backed by enough people to be plausible."
msgstr ""

#. type: Plain text
msgid ""
"Keep in mind that we could still revoke the signing key ourselves as long as "
"three of us are able to communicate and gather their shares. So we only need "
"your help if only two of us are still able to communicate."
msgstr ""

#. type: Plain text
msgid ""
"Unless you really want to start the key revocation process, do not write to "
"this mailing list."
msgstr ""

#. type: Title =
#, no-wrap
msgid "Further communications\n"
msgstr ""

#. type: Plain text
msgid ""
"In case we need to communicate with you about this revocation mechanism in "
"the future, we will always do it with messages signed by the Tails signing "
"key itself. We might do so for example to:"
msgstr ""

#. type: Bullet: '  - '
msgid "Ask you to send your share to a new member of your group."
msgstr ""

#. type: Bullet: '  - '
msgid ""
"Ask you to delete your share. This could be needed to cancel the power of "
"others people's share: as long as enough of you delete their shares, the few "
"people that might not delete them would end up with unusable shares."
msgstr ""

#. type: Plain text
msgid "So, can we count on you for this?"
msgstr ""

#. type: Plain text
#, no-wrap
msgid ""
"Thanks, and may the force be with you!\n"
"
\n" msgstr ""