This project is pending deletion, and will be deleted on 2025-08-04. Repository and other project resources are read-only.

Act on the reviews of our revocation certificate mechanism

We received the reviews by email on tails@boum.org (<b8ba94d7-9810-97d8-61a9-3afd1158f5fc@autistici.org> and <5b248ab8-2262-1253-31e7-98bbcf95dafb@riseup.net>).

Summary:

Consider splitting a designated revocation key instead of a revocation certificate. The benefit would be to have an expiry date on the key, which is not the case with a certificate.
- --generate-designated-revocation in gpg(1)
- https://tools.ietf.org/html/rfc4880#section-5.2.3.15

Regularly check with the people in the scheme to make sure that the communication channel with them is still working and that they still have the instructions and their share.

Update “until we publish a new signing key” in the document as it won’t be enough to build again trust within our user base (cf. other possible fake keys on the public key servers).

Parent Task: #7700

Related issues

Related to #10022 (closed)
Blocks #16665

Original created by @sajolida on 15604 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information