Policies and protocols for dealing with private keys

[edsko]

This should document things such as

• Bootstrapping
• Key thresholds
• How many keys we have of each type
• Key validity (expiry time)
• Implications for key compromise
• Who holds keys, and how should they store them.

[edsko]

One issue that this should address are the policies surrounding the request sent to the root key holders to sign a new root.json. This cannot be an automatic response from the root key holders to an email by Duncan, say, because then effectively Duncan's email GPG key would become the (single) root of trust. Such policies would be social policies, primarily.

[edsko]

This has been decided by the Haskell committee but needs to be documented.