{{Header}} __FORCETOC__
{{title|title=
Dev/apt-revoker
}}
{{#seo:
|description=Concept for developing software to revoke APT signing keys in case these are compromised.
|image=Roll-160319640.jpg
}}
{{dev_apt_mininav}}
[[File:Roll-160319640.jpg|thumb]]
{{intro|
Concept for developing software to revoke APT signing keys in case these are compromised.
}}
__TOC__
= Materials =
'''UNFINISHED''' (barely started)

Materials - pieces of information and links that should be included in the draft.

=== keyserver discussion ===
Reread this whole thread:
[https://lists.nongnu.org/archive/html/sks-devel/2013-12/threads.html#00073 sks-devel thread (December 2013)]

=== find and reread this discussion ===
[https://lists.nongnu.org/archive/html/sks-devel/2013-12/msg00075.html sks-devel message (December 2013)]

<blockquote>
>> Good question.  Probably, but some keyserver operators might view
>> it as rude.  Best to ask on address@hidden

> Will do.
</blockquote>

=== separate DNS ===
aptrevoker.debian.org so this can be turned off / redirected in case keyservers cannot handle the load

=== /etc/apt-revoker.d ===
The code for downloading the revocation certificates should be configurable.

Download the signing key revocation certificates from:

* version 1 - download from clearnet keyservers
* version 2 - optionally download from onion keyservers
* version 3 - optionally download from Freenet, or something that implements a [[Dev/Permanent_Takedown_Attack_Defender|permanent takedown attack defense]]

= Proposal =
TODO:

* Take any of the above bullet points one by one and convert those into good wording that can be posted on the debian-devel mailing list.

<pre>

</pre>

= Related =
* [[Dev/project-news]]
* [[Dev/Permanent Takedown Attack Defender|Permanent Takedown Attack Defender, proposal to defend a permanent takedown threat]]

{{Footer}}
[[Category:Development]]