[db-wg] "key-cert" objects - emails listed as "owner" even thou id has been revoked
Edward Shryane
eshryane at ripe.net
Wed Oct 3 11:00:03 CEST 2018
Hi Netravnen,

> On 2 Oct 2018, at 17:09, netravnen--- via db-wg <db-wg at ripe.net> wrote:
>
> Hi db-wg,
>
> Was updating my key-cert object in the database. And was wondering if it
> is by design revoked key id's is listed as owner of the key?
>
> (I would normally expect revoked id's not being listed inside key-cert
> objects.)
>
>
> The Explanation
> ===============
> I have several gpg id's as part of the key. Half is active. Half is
> revoked id's.
> All id's; even the revoked ones; is being listed as "owner:" when
> viewing the key-cert object in the database.
>
> -Netravnen
>

the RIPE database generates owner attributes for *all* user ids found in the key-cert object, regardless of the key status (revoked, expired etc.).

It's not allowed to use revoked master keys in key-cert objects, but sub-keys are not checked. Expired keys can be used, but a warning is added to the update response.

This is the current behaviour, and was chosen for compatibility. We can restrict use of expired or revoked keys, if the db-wg agrees.

Regards
Ed
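Added example, not part of the message above and not RIPE NCC code: a small auditor that reads a `gpg --with-colons` key listing and models the behaviour described in the reply, so a maintainer can see which user ids would surface as "owner:" despite being revoked or expired. The function name `audit_key`, the report keys and the sample listing are assumptions made for illustration; the warning is modelled on the master key only.

```python
# Added example: a model of the behaviour described in the reply, not RIPE's code.
# SAMPLE is a constructed listing in the `gpg --with-colons` layout:
# field 1 = record type, field 2 = validity ('r' revoked, 'e' expired),
# field 5 = key id, field 10 = user id.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC:
uid:u::::1500000000::HASH1::Alice Example <alice@example.net>:
uid:r::::1500000000::HASH2::Alice Example <alice@old.example.net>:
sub:r:4096:1:BBBBBBBBBBBBBBBB:1500000000::::::e:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1500000000::::::e:
"""


def audit_key(listing):
    """Report how a key-cert built from this key would look under the stated rules."""
    report = {"accepted": True, "owners": [], "stale_owners": [],
              "unchecked_subkeys": [], "warnings": []}
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) < 10:
            continue  # not a key, user id or subkey record
        record, validity = fields[0], fields[1]
        if record == "pub":
            if validity == "r":
                report["accepted"] = False  # revoked master key is not allowed
            elif validity == "e":
                report["warnings"].append("master key expired")  # usable, warned
        elif record == "uid":
            uid = fields[9].replace("\\x3a", ":")  # gpg escapes ':' in user ids
            report["owners"].append(uid)  # every user id becomes an owner
            if validity in ("r", "e"):
                report["stale_owners"].append(uid)  # listed although revoked/expired
        elif record == "sub" and validity in ("r", "e"):
            report["unchecked_subkeys"].append(fields[4])  # sub-keys are not checked
    return report


if __name__ == "__main__":
    for key, value in audit_key(SAMPLE).items():
        print(f"{key}: {value}")
```

Running it against the output of `gpg --with-colons --list-keys` for your own key shows the entries in `stale_owners` that will still appear in the key-cert object.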