Hi,

On Mon, Nov 05, 2018 at 04:12:10PM +0100, Edward Shryane via db-wg wrote:
> Should the RIPE database refuse to apply updates that were signed more than
> 'n' minutes ago (or in the future) ?

I think this would be a valuable improvement.

> > Usually I will expect if I revoke a GPG-key|X509-cert. It cannot be used
> > any more. But the RIPE NCC Database does still allow this currently.
> > This is relevant in the case I ever lose a private GPG-key|X509-cert to
> > less than friendly 3rd-parties. And the lost private GPG-key|X509-cert
> > is the one used for signing updates to the database.
>
> Revoked keys indeed cannot be used any more. To revoke a key, you will need
> to update the existing key-cert object with the revoked version. You can also
> delete the key-cert object.
>
> Is it enough to update or delete a revoked key? Should the RIPE database
> process key revocation certificates?

One of the problems here is that the RIPE DB cannot reliably know if a GPG
key is revoked, unless it is *told*.

"Telling it" can be done nicely by removing the key-cert object - otherwise
it would need to poll key-servers and hope for a key revocation to appear
there.

A catch-22 arises if the key-cert object needs a signed update with that
very key to be deleted...

(Not providing solutions, just bringing up aspects to consider)

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279
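The two checks discussed in this thread, a freshness window on the signature timestamp (rejecting signatures older than 'n' minutes or dated in the future) and a revocation model where the database only knows what it has been *told* via the key-cert object, as an added Python example that is not RIPE NCC code; the key ids, the 10-minute window and the 2-minute clock-skew allowance are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed stand-in for the key-cert objects the database holds.
# A key is "revoked" only if its key-cert was updated with the revoked
# version (True) or deleted (absent); no key-server polling is done.
KEY_CERTS = {
    "PGPKEY-AAAA1111": False,  # active key (constructed id)
    "PGPKEY-BBBB2222": True,   # key-cert updated with revoked key
}

MAX_AGE = timedelta(minutes=10)  # assumed 'n' minutes
SKEW = timedelta(minutes=2)      # assumed tolerance for clock drift


@dataclass
class SignedUpdate:
    key_id: str           # key-cert the signature resolves to
    signed_at: datetime   # signature timestamp, timezone-aware UTC


def check_update(upd: SignedUpdate, now: datetime):
    """Return (accepted, reason) for a hypothetical update policy."""
    revoked = KEY_CERTS.get(upd.key_id)
    if revoked is None:
        return False, "no key-cert object for signing key"
    if revoked:
        return False, "key-cert is revoked"
    if upd.signed_at > now + SKEW:
        return False, "signature timestamp is in the future"
    if now - upd.signed_at > MAX_AGE:
        return False, "signature older than allowed window"
    return True, "ok"


def evaluate_samples():
    """Run constructed updates against a fixed 'now' and return the reasons."""
    now = datetime(2018, 11, 5, 15, 30, tzinfo=timezone.utc)
    samples = {
        "fresh": SignedUpdate("PGPKEY-AAAA1111", now - timedelta(minutes=3)),
        "stale": SignedUpdate("PGPKEY-AAAA1111", now - timedelta(minutes=30)),
        "future": SignedUpdate("PGPKEY-AAAA1111", now + timedelta(minutes=5)),
        "revoked": SignedUpdate("PGPKEY-BBBB2222", now),
        "unknown": SignedUpdate("PGPKEY-CCCC3333", now),
    }
    return {name: check_update(upd, now) for name, upd in samples.items()}


if __name__ == "__main__":
    for name, (ok, reason) in evaluate_samples().items():
        print(f"{name:8} accepted={ok} ({reason})")
```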