- Prevent any single individual from revoking our signing key.
6
Allow a coalition of people from tails@boum.orghe Board to revoke our signing key in case most of the people from tails@boum.orghe Board become unavailable.
Allow a coalition of people from the Board to revoke our signing key in case most of the people from the Board become unavailable.
7
Allow a coalition of people, not necessarily from tails@boum.orghe Board, to revoke our signing key in case everybody or almost everybody from tails@boum.orghe Board becomes unavailable.
Allow a coalition of people, not necessarily from the Board, to revoke our signing key in case everybody or almost everybody from the Board becomes unavailable.
8
Make it hard for a coalition of people not from tails@boum.orghe Board to revoke our signing key unless everybody or almost everybody from tails@boum.orghe Board becomes unavailable.
Make it hard for a coalition of people not from the Board to revoke our signing key unless everybody or almost everybody from the Board becomes unavailable.
9
People not from tails@boum.orghe Board shouldn't know how the shares are spread and who has them.
We generate a revocation certificate of the signing key and split it into a number of cryptographic shares, using for example Shamir's secret sharing scheme implemented by `gfshare`.