[website/master] update information on revocation and recovery
---
keys.html | 123 +++++---------------------------------------------------------
1 file changed, 10 insertions(+), 113 deletions(-)
diff --git a/keys.html b/keys.html
index 74b89a2..4e6446c 100644
--- a/keys.html
+++ b/keys.html
@@ -172,16 +172,8 @@
<div id="revokation">
<h1>Key Revocation Procedure</h1>
- <p>A revokation certificate for the archive key is produced at the
- time of the creation of an archive key. The program gfshare (package
- <a href=
- "https://packages.debian.org/stable/libgfshare-bin">libgfshare-bin</a>)
- (a Shamir's secret sharing scheme implementation) is then used to
- produce 12 shares of which 7 are needed to recover the revokation
- cert. This procedure is for use in emergencies only (such as losing
- ftp-master.debian.org and all of the backups, a hopefully unlikely
- event) as the key can normally be used to produce its own revokation
- certificate.</p>
+ <p>The ftp masters at the time of the key generation are designated
+ revokers and can revoke the key if required.</p>
</div>
<div id="keysplit">
@@ -192,19 +184,18 @@
<a href=
"https://packages.debian.org/stable/libgfshare-bin">libgfshare-bin</a>)
(a Shamir's secret sharing scheme implementation) is used to produce
- 14 shares of which 9 are needed to recover the secret key.</p>
+ 5 shares of which 3 are needed to recover the secret key.</p>
</div>
<div id="ssss">
<h1>SSSS holders</h1>
<p>The following people each hold one of the shares of the
- revocation certificate / private key.</p>
+ private key.</p>
- <h2>Revocation shares</h2>
+ <h2>Key shares for 9/stretch keys</h2>
- <p>7 of those shares are needed to reproduce the revocation
- certificate</p>
+ <p>3 of the 5 shares are needed to reproduce the secret key</p>
<table>
<tr>
@@ -212,118 +203,24 @@
</tr>
<tr>
- <td>sho</td><td>Samuel Hocevar</td>
- </tr>
-
- <tr>
- <td>don</td><td>Don Armstrong</td>
+ <td>ansgar</td><td>Ansgar Burchardt</td>
</tr>
<tr>
- <td>neilm</td><td>Neil McGovern</td>
+ <td>gwolf</td><td>Gunnar Eyal Wolf Iszaevich</td>
</tr>
<tr>
- <td>djpig</td><td>Frank Lichtenheld</td>
- </tr>
-
- <tr>
- <td>jimmy</td><td>Jimmy Kaplowitz</td>
- </tr>
-
- <tr>
- <td>killer</td><td>Kalle Kivimaa</td>
- </tr>
-
- <tr>
- <td>noodles</td><td>Jonathan McDowell</td>
- </tr>
-
- <tr>
- <td>rra</td><td>Russ Allbery</td>
- </tr>
-
- <tr>
- <td>marga</td><td>Margarita Manterola</td>
- </tr>
-
- <tr>
- <td>thijs</td><td>Thijs Kinkhorst</td>
- </tr>
-
- <tr>
- <td>meike</td><td>Meike Reichle</td>
- </tr>
-
- <tr>
- <td>miriam</td><td>Miriam Ruiz</td>
- </tr>
- </table>
-
- <h2>Key shares</h2>
-
- <p>9 of those shares are needed to reproduce the secret key</p>
-
- <table>
- <tr>
- <th>Debian uid</th><th>Name</th>
+ <td>jcristau</td><td>Julien Cristau</td>
</tr>
<tr>
- <td>luk</td><td>Luk Claes</td>
- </tr>
-
- <tr>
- <td>maxx</td><td>Martin Wuertele</td>
- </tr>
-
- <tr>
- <td>adeodato</td><td>Adeodato Simó</td>
- </tr>
-
- <tr>
- <td>myon</td><td>Christoph Berg</td>
- </tr>
-
- <tr>
- <td>93sam</td><td>Steve McIntyre</td>
- </tr>
-
- <tr>
- <td>bdale</td><td>Bdale Garbee</td>
- </tr>
-
- <tr>
- <td>sgran</td><td>Stephen Gran</td>
- </tr>
-
- <tr>
- <td>dannf</td><td>Dann Frazier</td>
- </tr>
-
- <tr>
- <td>weasel</td><td>Peter Palfrader</td>
- </tr>
-
- <tr>
- <td>enrico</td><td>Enrico Zini</td>
- </tr>
-
- <tr>
- <td>wouter</td><td>Wouter Verhelst</td>
+ <td>joerg</td><td>Joerg Jaspert</td>
</tr>
<tr>
<td>mhy</td><td>Mark Hymers</td>
</tr>
-
- <tr>
- <td>bzed</td><td>Bernd Zeimetz</td>
- </tr>
-
- <tr>
- <td>stew</td><td>Mike O'Connor</td>
- </tr>
</table>
</div>
<hr />
--
2.1.4
Reply to: