This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] "key-cert" objects - emails listed as "owner" even thou id has been revoked
- Previous message (by thread): [db-wg] "key-cert" objects - emails listed as "owner" even thou id has been revoked
- Next message (by thread): [db-wg] WG Chair Selection - Call for Discussion
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Edward Shryane
eshryane at ripe.net
Wed Oct 3 11:00:03 CEST 2018
Hi Netravnen, > On 2 Oct 2018, at 17:09, netravnen--- via db-wg <db-wg at ripe.net> wrote: > > Hi db-wg, > > Was updating my key-cert object in the database. And was wondering if it > is by design revoked key id's is listed as owner of the key? > > (I would normally expect revoked id's not being listed inside key-cert > objects.) > > > The Explanation > =============== > I have several gpg id's as part of the key. Half is active. Half is > revoked id's. > All id's; even the revoked ones; is being listed as "owner:" when > viewing the key-cert object in the database. > > -Netravnen > the RIPE database generates owner attributes for *all* user ids found in the key-cert object, regardless of the key status (revoked, expired etc.). It's not allowed to use revoked master keys in key-cert objects, but sub-keys are not checked. Expired keys can be used, but a warning is added to the update response. This is the current behaviour, and was chosen for compatibility. We can restrict use of expired or revoked keys, if the db-wg agrees. Regards Ed
- Previous message (by thread): [db-wg] "key-cert" objects - emails listed as "owner" even thou id has been revoked
- Next message (by thread): [db-wg] WG Chair Selection - Call for Discussion
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]