On Tue, Mar 10, 2020 at 05:53:13PM -0500, Matthew Hardeman via dev-security-policy wrote: > Isn't the evident answer, if reasonable compromise is not forthcoming, just > to publish the compromised private key. There's no proof of a compromised > private key quite as good as providing a copy of it.
Yes, going full-disc is one option. I'm hopeful that there is a happy middle ground somewhere that means I don't have to drop keys in full public view, though. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy