Act on the reviews of our revocation certificate mechanism
Originally created by @sajolida on #15604 (Redmine)
We received the reviews by email on tails@boum.org (<b8ba94d7-9810-97d8-61a9-3afd1158f5fc@autistici.org> and <5b248ab8-2262-1253-31e7-98bbcf95dafb@riseup.net>).
Summary:
- Consider splitting a designated revocation key instead of a
revocation certificate. The benefit would be to have an expiry date
on the key, which is not the case with a certificate.
-
--generate-designated-revocation
ingpg(1)
- https://tools.ietf.org/html/rfc4880#section-5.2.3.15
-
- Regularly check with the people in the scheme to make sure that the communication channel with them is still working and that they still have the instructions and their share.
- Update “until we publish a new signing key” in the document as it won’t be enough to build again trust within our user base (cf. other possible fake keys on the public key servers).
Parent Task: tails/private#7700
Related issues
- Related to #10022 (closed)
- Blocks #16665 (closed)
Edited by sajolida