signing_key_revocation.fr.po 11.8 KB
# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Free Software Foundation, Inc.
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2017-11-01 13:32+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. type: Plain text
#, no-wrap
msgid "[[!meta title=\"Revocation of the Tails signing key\"]]\n"
msgstr ""

#. type: Plain text
msgid ""
"This document proposes a mechanism for the distribution and activation of "
"the revocation certificate of the Tails signing key."
msgstr ""

#. type: Title =
#, no-wrap
msgid "Goals\n"
msgstr ""

#. type: Plain text
msgid "Covered by current proposal:"
msgstr ""

#. type: Plain text
#, no-wrap
msgid ""
"  A. Prevent any single individual from revoking our signing key.\n"
"  B. Allow a coalition of people from tails@boum.org to revoke our signing key\n"
"     in case most of the people from tails@boum.org become unavailable.\n"
"  C. Allow a coalition of people, not necessarily from tails@boum.org, to\n"
"     revoke our signing key in case everybody or almost everybody from\n"
"     tails@boum.org becomes unavailable.\n"
"  D. Make it hard for a coalition of people not from tails@boum.org to revoke\n"
"     our signing key unless everybody or almost everybody from tails@boum.org\n"
"     becomes unavailable.\n"
"  E. People not from tails@boum.org shouldn't know how the shares are spread\n"
"     and who has them.\n"
"  F. People in possession of a share of the revocation certificate\n"
"     of the signing key should have instructions on how to use it if needed.\n"
msgstr ""

#. type: Title =
#, no-wrap
msgid "Groups\n"
msgstr ""

#. type: Plain text
msgid "We define four complementary groups of trusted people:"
msgstr ""

#. type: Bullet: '  - '
msgid "Group A: people from tails@boum.org themselves"
msgstr ""

#. type: Bullet: '  - '
msgid "Group B"
msgstr ""

#. type: Bullet: '  - '
msgid "Group C"
msgstr ""

#. type: Bullet: '  - '
msgid "Group D"
msgstr ""

#. type: Plain text
msgid ""
"All these people should have an OpenPGP key and understand what a revocation "
"certificate is."
msgstr ""

#. type: Title =
#, no-wrap
msgid "Cryptographic shares\n"
msgstr ""

#. type: Plain text
msgid ""
"We generate a revocation certificate of the signing key and split it into a "
"number of cryptographic shares, using for example Shamir's secret sharing "
"scheme implemented by `gfshare`."
msgstr ""

#. type: Plain text
msgid ""
"The following combinations of people could get together and reassemble their "
"shares to reconstruct a complete revocation certificate:"
msgstr ""

#. type: Bullet: '  - '
msgid "Three people from tails@boum.org: A{3}"
msgstr ""

#. type: Bullet: '  - '
msgid ""
"Two people from tails@boum.org and one person not from tails@boum.org: A"
"{2}+(B|C|D)"
msgstr ""

#. type: Bullet: '  - '
msgid ""
"One person from tails@boum.org, and two people not from tails@boum.org but "
"from two different groups: A+(B|C|D){2}"
msgstr ""

#. type: Bullet: '  - '
msgid ""
"Three people not from tails@boum.org but from three different groups: (B+C+D)"
"{3}"
msgstr ""

#. type: Plain text
msgid "We generate these shares:"
msgstr ""

#. type: Bullet: '  - '
msgid "N shares, one for each person from tails@boum.org"
msgstr ""

#. type: Bullet: '  - '
msgid "1 share for people in group B"
msgstr ""

#. type: Bullet: '  - '
msgid "1 share for people in group C"
msgstr ""

#. type: Bullet: '  - '
msgid "1 share for people in group D"
msgstr ""

#. type: Title =
#, no-wrap
msgid "Who knows what\n"
msgstr ""

#. type: Bullet: '  - '
msgid "People from tails@boum.org know the composition of each group"
msgstr ""

#. type: Plain text
#, no-wrap
msgid ""
"  - People not from tails@boum.org:\n"
"    - Are explained in which circumstances they should revoke the signing key\n"
"    - Are told to write to a certain contact email address if they decide to revoke the signing key\n"
"    - Are told that they need three different shares to reassemble the revocation certificate\n"
msgstr ""

#. type: Title =
#, no-wrap
msgid "Infrastructure\n"
msgstr ""

#. type: Bullet: '  - '
msgid "Everybody who owns a share is subscribed to a mailing list."
msgstr ""

#. type: Bullet: '  - '
msgid ""
"This mailing list is hosted on a trusted server different from boum.org to "
"be more resilient than our usual communication channels."
msgstr ""

#. type: Title =
#, no-wrap
msgid "Changing the members of the groups B, C, or D\n"
msgstr ""

#. type: Plain text
msgid "To add someone to a given group:"
msgstr ""

#. type: Bullet: '  - '
msgid ""
"Request someone from that group to send her share to the new person in the "
"group."
msgstr ""

#. type: Plain text
msgid "To remove someone from a given group:"
msgstr ""

#. type: Bullet: '  - '
msgid "Send new shares to everybody except to the person who is being removed."
msgstr ""

#. type: Bullet: '  - '
msgid ""
"Request everybody to delete their previous share and track this.  Once "
"everybody in 2 groups amongst B, C, or D have deleted their share, it "
"becomes impossible for them to reassemble the revocation certificate with "
"the previous set of shares."
msgstr ""

#. type: Bullet: '  - '
msgid "Let's hope that this doesn't happen very often :)"
msgstr ""

#. type: Title =
#, no-wrap
msgid "Expiry\n"
msgstr ""

#. type: Plain text
msgid ""
"There is no expiry date on revocation certificates. One way of cancelling "
"the revocation power is to destroy all copies of shares of 2 groups amongst "
"B, C, or D."
msgstr ""

#. type: Title =
#, no-wrap
msgid "Email to members of the groups\n"
msgstr ""

#. type: Plain text
#, no-wrap
msgid ""
"<pre>\n"
"Subject: distribution\n"
msgstr ""

#. type: Plain text
msgid "Hi,"
msgstr ""

#. type: Plain text
msgid ""
"We want to propose you to be part of a distributed mechanism for the "
"revocation certificate of the Tails signing key."
msgstr ""

#. type: Plain text
msgid ""
"The idea is to distribute cryptographic shares of this revocation "
"certificate to people that we trust. These cryptographic shares can be put "
"together to reassemble the revocation certificate and revoke the Tails "
"signing key. This may be needed in case something really bad happens to us "
"and we are not able to do the revocation ourselves."
msgstr ""

#. type: Plain text
msgid ""
"Note: In all this document, 'us' refers to the set of people subscribed to "
"tails@boum.org which is a Schleuder mailing list."
msgstr ""

#. type: Plain text
msgid "You can read a complete description of the distribution mechanism on:"
msgstr ""

#. type: Plain text
msgid "https://tails.boum.org/doc/about/openpgp_keys/signing_key_revocation."
msgstr ""

#. type: Plain text
msgid ""
"The recipe is public and the only secret component is the list of people who "
"are in possession of the cryptographic material."
msgstr ""

#. type: Plain text
msgid ""
"We are proposing this to you because we trust in both your technical "
"abilities to store your share in a safe place and manipulate it as required "
"but also because we trust in you as a human being to make informed judgment "
"on when to use your share and act only in the interest of Tails."
msgstr ""

#. type: Plain text
msgid "The bad things that could happen if the mechanism fails are:"
msgstr ""

#. type: Plain text
msgid ""
"A. The signing key is not revoked while it should be. This could allow "
"possible attackers to distribute malicious Tails ISO images or publish "
"malicious information on our name."
msgstr ""

#. type: Plain text
msgid ""
"B. The signing key is revoked when it should not have been. This would "
"prevent people from verifying our ISO images with OpenPGP until we publish a "
"new signing key."
msgstr ""

#. type: Title =
#, no-wrap
msgid "Distribution of the shares\n"
msgstr ""

#. type: Plain text
msgid ""
"Each person from tails@boum.org, group A, has a *different* share, A1, "
"A2, ..., An."
msgstr ""

#. type: Plain text
msgid ""
"On top of this, we defined three complementary groups, B, C, and D of "
"trusted people who have a close relationship with Tails but different "
"interests and different access to information about us. You are part of one "
"of these groups."
msgstr ""

#. type: Plain text
msgid "Everybody in group B has an *identical* share B."
msgstr ""

#. type: Plain text
msgid "Everybody in group C has an *identical* share C."
msgstr ""

#. type: Plain text
msgid "Everybody in group D has an *identical* share D."
msgstr ""

#. type: Plain text
msgid ""
"Three different shares are needed to reassemble the revocation certificate. "
"For example, shares A1, A2, and A3, or shares A1, B, and C."
msgstr ""

#. type: Title =
#, no-wrap
msgid "How to store your share\n"
msgstr ""

#. type: Plain text
msgid ""
"Please keep your share in an encrypted storage and make it as hard as you "
"can for untrusted people to get a copy of it."
msgstr ""

#. type: Plain text
msgid ""
"You can rename the file as long as you keep the number in the file name of "
"your share as it is needed to use the share."
msgstr ""

#. type: Plain text
msgid ""
"Feel free to back up the file but we might also request you to delete it at "
"some point and you should be able to know whether you still have a copy of "
"it or not. It is all-right to lose your share as long as you tell us that "
"you have lost it. It is actually worse to still have a copy of the share "
"\"somewhere\" while thinking that you don't, than to lose it by mistake."
msgstr ""

#. type: Plain text
msgid ""
"Don't hesitate to ask us if you need clarification on the technical aspects "
"of this."
msgstr ""

#. type: Title =
#, no-wrap
msgid "When to use your share\n"
msgstr ""

#. type: Plain text
msgid "Everybody in possession of a share is subscribed to a mailing list."
msgstr ""

#. type: Plain text
msgid ""
"If someone in possession of a share gets to learn about a very bad event "
"that happened to many of us and really thinks that we are not capable of "
"revoking the Tails signing key ourselves anymore, then this person should "
"write to the mailing list explaining why she thinks that the signing key "
"needs to be revoked."
msgstr ""

#. type: Plain text
msgid ""
"Yes, there is no mathematically proven algorithm for this and here is where "
"your judgement as a human being is needed. The description of the very bad "
"event should be checked or backed by enough people to be plausible."
msgstr ""

#. type: Plain text
msgid ""
"Keep in mind that we could still revoke the signing key ourselves as long as "
"three of us are able to communicate and gather their shares. So we only need "
"your help if only two of us are still able to communicate."
msgstr ""

#. type: Plain text
msgid ""
"Unless you really want to start the key revocation process, do not write to "
"this mailing list."
msgstr ""

#. type: Title =
#, no-wrap
msgid "Further communications\n"
msgstr ""

#. type: Plain text
msgid ""
"In case we need to communicate with you about this revocation mechanism in "
"the future, we will always do it with messages signed by the Tails signing "
"key itself. We might do so for example to:"
msgstr ""

#. type: Bullet: '  - '
msgid "Ask you to send your share to a new member of your group."
msgstr ""

#. type: Bullet: '  - '
msgid ""
"Ask you to delete your share. This could be needed to cancel the power of "
"others people's share: as long as enough of you delete their shares, the few "
"people that might not delete them would end up with unusable shares."
msgstr ""

#. type: Plain text
msgid "So, can we count on you for this?"
msgstr ""

#. type: Plain text
msgid ""
"If you answer positively, we will send you your share and subscribe you to "
"the mailing list."
msgstr ""

#. type: Plain text
#, no-wrap
msgid ""
"Thanks, and may the force be with you!\n"
"</pre>\n"
msgstr ""