Am Montag, den 05.11.2018, 20:29 -0600 schrieb Andrew David Wong: > Until now, the two members of the QST have been Joanna and Marek. With > Joanna's new role at the Golem Project, she will no longer have time to > function as a QST member. Therefore, Joanna will officially transfer > ownership of the Qubes Master Signing Key (QMSK) [12] to Marek, and she > will no longer sign QSBs. > > However, due to the nature of PGP keys, there is no way to guarantee > that Joanna will not retain a copy of the QMSK after transferring > ownership to Marek. Since anyone in possession of the QMSK is a > potential attack vector against the project, Joanna will continue to > sign Qubes Canaries [10] in perpetuity.
For professional curiosity (some of our customers run enormous corporate CAs and have to plan for the loss/breach of the private key to the root certificate) I was already looking for a document describing the process for invalidating and recreating that root of trust. Is there one? Although I believe the necessary steps to be quite expensive in the case of Qubes to invoke it right now... Achim -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/bd6d59351ee33f32495d8cc78fb45a8d423f3aaa.camel%40noses.com. For more options, visit https://groups.google.com/d/optout.