Hi,

On Mon, Nov 05, 2018 at 04:12:10PM +0100, Edward Shryane via db-wg wrote:
> Should the RIPE database refuse to apply updates that were signed more than
> 'n' minutes ago (or in the future) ?
I think this would be a valuable improvement.
> > Usually I will expect if I revoke a GPG-key|X509-cert. It cannot be used
> > any more. But the RIPE NCC Database does still allow this currently.
> > This is relevant in the case I ever lose a private GPG-key|X509-cert to
> > less than friendly 3rd-parties. And the lost private GPG-key|X509-cert
> > is the one used for signing updates to the database.
>
> Revoked keys indeed cannot be used any more. To revoke a key, you will need
> to update the existing key-cert object with the revoked version. You can also
> delete the key-cert object.
>
> Is it enough to update or delete a revoked key? Should the RIPE database
> process key revocation certificates?
One of the problems here is that the RIPE DB cannot reliably know if
a GPG key is revoked, unless it is *told*.
"Telling it" can be done nicely by removing the key-cert object - otherwise
it would need to poll key-servers and hope for a key revocation to appear
there.
A catch-22 arises if the key-cert object needs a signed update with that
very key to be deleted...
(Not providing solutions, just bringing up aspects to consider)
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
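The freshness window proposed in the quoted question (reject updates signed more than n minutes ago or in the future) can be checked from the signature's own creation-time subpacket. The following is an added illustration, not RIPE NCC code: it builds a constructed, minimal v4 OpenPGP signature packet (RFC 4880 layout, no real signature material) and reads the creation time back out; window and skew values are assumptions.

```python
import struct

# RFC 4880: packet tag 2 is a signature packet; hashed subpacket type 2
# is "Signature Creation Time" (4-byte big-endian Unix time).
SIGNATURE_TAG = 2
SUBPACKET_CREATION_TIME = 2


def build_signature_packet(created_at: int) -> bytes:
    """Constructed test data: a v4 signature packet carrying only a
    creation-time subpacket (MPI signature data deliberately omitted)."""
    creation_sub = bytes([5, SUBPACKET_CREATION_TIME]) + struct.pack(">I", created_at)
    body = bytes([4, 0x00, 0x01, 0x08])                  # v4, binary sig, RSA, SHA-256
    body += struct.pack(">H", len(creation_sub)) + creation_sub
    body += struct.pack(">H", 0)                         # no unhashed subpackets
    header = bytes([0x80 | (SIGNATURE_TAG << 2), len(body)])  # old-format, 1-byte length
    return header + body


def signature_creation_time(packet: bytes) -> int:
    """Return the creation time from the hashed subpackets of a v4 signature."""
    tag_byte = packet[0]
    if not tag_byte & 0x80 or tag_byte & 0x40:
        raise ValueError("expected an old-format packet header")
    if (tag_byte >> 2) & 0x0F != SIGNATURE_TAG:
        raise ValueError("not a signature packet")
    body = packet[2:2 + packet[1]]
    if body[0] != 4:
        raise ValueError("only v4 signatures are handled here")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed = body[6:6 + hashed_len]
    pos = 0
    while pos < len(hashed):
        sub_len = hashed[pos]                  # length covers type octet + data
        if sub_len >= 192:
            raise ValueError("multi-octet subpacket lengths not handled here")
        sub_type = hashed[pos + 1]
        data = hashed[pos + 2:pos + 1 + sub_len]
        if sub_type == SUBPACKET_CREATION_TIME:
            return struct.unpack(">I", data)[0]
        pos += 1 + sub_len
    raise ValueError("no creation-time subpacket in hashed area")


def update_is_fresh(packet: bytes, now: int, window_seconds: int = 600, skew_seconds: int = 60) -> bool:
    """Assumed policy: reject signatures older than the window or dated in the future
    (beyond a small clock-skew allowance). Cryptographic verification and key
    revocation status still have to be checked separately."""
    created = signature_creation_time(packet)
    if created > now + skew_seconds:
        return False
    return now - created <= window_seconds
```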