Concept ACK. For the details of executing the plan, I think the following is less disruptive:
1. Send a message with (max sequence - 1), notifying all nodes that the key will be retired on or before a date. People with systems relying on this key should either upgrade or ignore the revocation message. We don't know the actual date because the key is shared by many people. With the max - 1 sequence, no message except the max sequence revocation message may override this message. 2. Send the revocation message at the pre-announced time, if no one have done that before 3. After a few months or so, publish the private key. > > One of the facilities in the alert system is that you can send a > maximum sequence alert which cannot be overridden and displays only a > static key compromise text message and blocks all other alerts. I plan > to send a triggering alert in the not-distant future (exact time to be > announced well in advance) feedback on timing would be welcome. > > There are likely a few production systems that automatically shut down > when there is an alert, so this risks some small one-time disruption > of those services-- but none worse than if an alert were sent to > advise about a new system upgrade. > > At some point after that, I would then plan to disclose this private > key in public, eliminating any further potential of reputation attacks > and diminishing the risk of misunderstanding the key as some special > trusted source of authority. > > Cheers, > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
