Hi Netravnen,
On 2 Oct 2018, at 17:09, netravnen--- via db-wg <db-wg@ripe.net> wrote:
Hi db-wg,
I was updating my key-cert object in the database and was wondering whether it is by design that revoked key IDs are listed as owner of the key?
(I would normally expect revoked IDs not to be listed inside key-cert objects.)

The Explanation
===============
I have several GPG IDs as part of the key. Half are active. Half are revoked IDs. All IDs, even the revoked ones, are being listed as "owner:" when viewing the key-cert object in the database.
-Netravnen

The RIPE database generates owner attributes for *all* user ids found in the key-cert object, regardless of the key status (revoked, expired etc.). It's not allowed to use revoked master keys in key-cert objects, but sub-keys are not checked. Expired keys can be used, but a warning is added to the update response.

This is the current behaviour, and was chosen for compatibility. We can restrict use of expired or revoked keys, if the db-wg agrees.

Regards
Ed
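
A local pre-submission check that mirrors the behaviour described in the reply above, as an added example that is not part of the thread and not RIPE NCC code. It assumes the machine-readable listing produced by `gpg --with-colons --list-keys` (record type in field 1, validity in field 2, key ID in field 5, user ID in field 10); the sample listing is constructed and `review_key` is a hypothetical helper name.

```python
# Constructed `gpg --with-colons --list-keys` output; not a real key.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC::::::23::0:
fpr:::::::::000000000000000000000000AAAAAAAAAAAAAAAA:
uid:u::::1500000000::1111111111111111111111111111111111111111::Example User <active@example.net>::::::::::0:
uid:r::::::2222222222222222222222222222222222222222::Example User <old@example.net>::::::::::0:
sub:e:4096:1:BBBBBBBBBBBBBBBB:1500000000:1530000000:::::e::::::23:
sub:r:4096:1:CCCCCCCCCCCCCCCC:1500000000::::::s::::::23:
"""


def review_key(colons):
    """Hypothetical helper: classify records the way the reply describes."""
    report = {"owners": [], "revoked_uids": [], "errors": [],
              "warnings": [], "unchecked_subkeys": []}
    for line in colons.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue
        rtype, validity, keyid, user_id = f[0], f[1], f[4], f[9]
        if rtype == "uid":
            # Every user ID becomes an "owner:" line, whatever its status.
            report["owners"].append(user_id)
            if validity == "r":
                report["revoked_uids"].append(user_id)
        elif rtype == "pub":
            if validity == "r":
                report["errors"].append("revoked primary key " + keyid)
            elif validity == "e":
                report["warnings"].append("expired primary key " + keyid)
        elif rtype == "sub" and validity in ("r", "e"):
            # Sub-key status is not checked, so flag it locally.
            report["unchecked_subkeys"].append((keyid, validity))
    return report


if __name__ == "__main__":
    for name, items in review_key(SAMPLE).items():
        print(name, items)
```

Running the check before exporting the key shows which revoked user IDs would still appear as owners and which revoked or expired sub-keys would pass unexamined.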