On Tue 2015-04-07 09:14:09 -0400, Alfredo Palhares wrote: > [dkg wrote:] >> Do you want to require multiple people to come together to use that >> secret key? or do you want them each to have the ability to use the key >> independently from each other? > > The objective is require multiple people to use that secret key. Yes
This is still ambiguous to me. I described two distinct cases, and i'm not sure which one you are agreeing to. From the rest of your message, i think you're agreeing to the first question, but not the second. >> The answer about what to do would depend on how you want the key to be >> used. > > Basically this key would a part of the encryption group of all the other > credentails. And to be the only key to encrypt extremely sensitive data I don't know what "the encryption group" means. can you explain further? I think you might mean that everything encrypted to any key will also be encrypted to this key; and that some especially sensitive material will *only* be encrypted to this key. >> My understanding is that the Tails community does something like this, >> but they are a highly-technical group who are willing to custom-build >> their own tools and to endure quite a bit of tedious and inconvenient >> process to protect the safety of their users. > > Do they have this documented somewhere. https://tails.boum.org/news/signing_key_transition/index.en.html#index2h1 says: * Is not owned in a usable format by any single individual. It is split cryptographically using gfshare. gfshare is: http://www.digital-scurf.org/software/libgfshare If you have more questions about how they this, you may wish to ask them to the tails folks themselves: https://tails.boum.org/support/index.en.html I find that their mailing lists and IRC channel (see "Support List" and "Chat" at the bottom of the page) are usually pretty helpful and responsive to well-framed questions. hth, --dkg
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
