Hi,

On Mon, Nov 05, 2018 at 04:12:10PM +0100, Edward Shryane via db-wg wrote:
Should the RIPE database refuse to apply updates that were signed more than 'n' minutes ago (or in the future) ?
I think this would be a valuable improvement.
Usually I would expect that if I revoke a GPG-key|X509-cert, it cannot be used any more. But the RIPE NCC Database does still allow this currently. This is relevant in case I ever lose a private GPG-key|X509-cert to less-than-friendly 3rd parties, and the lost private GPG-key|X509-cert is the one used for signing updates to the database.
Revoked keys indeed cannot be used any more. To revoke a key, you will need to update the existing key-cert object with the revoked version. You can also delete the key-cert object.
Is it enough to update or delete a revoked key? Should the RIPE database process key revocation certificates?
One of the problems here is that the RIPE DB cannot reliably know if a GPG key is revoked, unless it is *told*. "Telling it" can be done nicely by removing the key-cert object - otherwise it would need to poll key-servers and hope for a key revocation to appear there.

A catch-22 arises if the key-cert object needs a signed update with that very key to be deleted...

(Not providing solutions, just bringing up aspects to consider)

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279
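Both mechanisms discussed in this thread (a freshness window on the signature, and learning about revocation only from key material the database is explicitly given) come down to reading metadata out of OpenPGP packets. The following is an added example written for this page; it is not RIPE NCC code and not how the RIPE database actually processes updates. It walks binary (dearmored) RFC 4880 packets, pulls the creation time out of the *hashed* subpacket area of a v4 signature, applies a window like the one Edward proposes, and checks an uploaded key block for a key-revocation signature (type 0x20), which is what "updating the key-cert with the revoked version" would hand the database. The window values (10 minutes back, 60 seconds of clock skew forward), the fixed clock and the sample packets are all constructed for the example; the sample signatures are syntactically valid but carry no real MPIs, so this code only reads metadata and must run *after* signature verification (e.g. `gpg --verify`), never instead of it.

```python
"""Minimal OpenPGP (RFC 4880) packet walker for two checks raised on db-wg:
a freshness window on update signatures, and detecting a key-revocation
signature in an uploaded key block. Metadata only; no crypto is verified here."""
import struct

SIG_PACKET = 2                 # packet tag for a signature
SIGSUB_CREATION_TIME = 2       # subpacket type: signature creation time
SIGTYPE_BINARY = 0x00          # signature over a binary document
SIGTYPE_TEXT = 0x01            # signature over canonical text (mail updates)
SIGTYPE_KEY_REVOCATION = 0x20  # key revocation signature


def _read_new_length(data, i):
    """New-format packet/subpacket length encoding (RFC 4880 4.2.2 / 5.2.3.1)."""
    b = data[i]
    if b < 192:
        return b, i + 1
    if b < 224:
        return ((b - 192) << 8) + data[i + 1] + 192, i + 2
    if b == 255:
        return struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
    raise ValueError("partial body lengths not supported")


def iter_packets(data):
    """Yield (tag, body) for each packet in a binary (dearmored) OpenPGP blob."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("invalid packet header at offset %d" % i)
        if hdr & 0x40:                      # new-format header
            tag = hdr & 0x3F
            length, i = _read_new_length(data, i + 1)
        else:                               # old-format header
            tag = (hdr >> 2) & 0x0F
            ltype = hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            width = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i + 1:i + 1 + width], "big")
            i += 1 + width
        yield tag, data[i:i + length]
        i += length


def parse_signature(body):
    """Return (sig_type, creation_time) from a v4 signature packet body.
    Only the hashed subpacket area is consulted: the unhashed area is not
    covered by the signature, so a timestamp there could be forged freely."""
    if body[0] != 4:
        raise ValueError("only v4 signatures supported")
    sig_type = body[1]
    hashed_len = struct.unpack(">H", body[4:6])[0]
    sub = body[6:6 + hashed_len]
    created = None
    j = 0
    while j < len(sub):
        length, j = _read_new_length(sub, j)   # length covers type octet + data
        sub_type = sub[j] & 0x7F                # bit 7 is the "critical" flag
        sub_body = sub[j + 1:j + length]
        if sub_type == SIGSUB_CREATION_TIME:
            created = struct.unpack(">I", sub_body)[0]
        j += length
    if created is None:
        raise ValueError("signature lacks creation-time subpacket")
    return sig_type, created


def signature_is_fresh(created, now, max_age=600, max_skew=60):
    """The proposed window: reject signatures made more than max_age seconds ago
    or more than max_skew seconds in the future (window sizes are assumptions)."""
    return now - max_age <= created <= now + max_skew


def update_signature_ok(sig_blob, now, max_age=600, max_skew=60):
    """Freshness gate for a detached signature over a database update. A
    certification or revocation signature is never acceptable as an update."""
    for tag, body in iter_packets(sig_blob):
        if tag == SIG_PACKET:
            sig_type, created = parse_signature(body)
            if sig_type not in (SIGTYPE_BINARY, SIGTYPE_TEXT):
                return False
            return signature_is_fresh(created, now, max_age, max_skew)
    return False


def key_is_revoked(key_blob):
    """True if an exported key block carries a key-revocation signature. This is
    the 'being told' case: the revoked key was uploaded into the key-cert."""
    for tag, body in iter_packets(key_blob):
        if tag != SIG_PACKET:
            continue
        try:
            if parse_signature(body)[0] == SIGTYPE_KEY_REVOCATION:
                return True
        except ValueError:          # e.g. a v3 signature on an old key
            continue
    return False


# ---- constructed sample data (not real signatures) -------------------------
DUMMY_PUBKEY = bytes([0x80 | (6 << 2), 1, 0x04])  # placeholder tag-6 packet


def build_sig_packet(sig_type, created, new_format=False):
    """CONSTRUCTED test data: syntactically valid v4 signature packet with a
    single creation-time subpacket and a dummy MPI. Not cryptographically valid."""
    sub = bytes([5, SIGSUB_CREATION_TIME]) + struct.pack(">I", created)
    body = bytes([4, sig_type, 1, 8]) + struct.pack(">H", len(sub)) + sub
    body += b"\x00\x00" + b"\xab\xcd" + b"\x00\x08\xff"  # no unhashed, hash16, MPI
    hdr = bytes([0xC0 | SIG_PACKET]) if new_format else bytes([0x80 | (SIG_PACKET << 2)])
    return hdr + bytes([len(body)]) + body


if __name__ == "__main__":
    NOW = 1541430730   # fixed clock so the run is reproducible (constructed)
    print("fresh :", update_signature_ok(build_sig_packet(SIGTYPE_TEXT, NOW - 120), NOW))
    print("stale :", update_signature_ok(build_sig_packet(SIGTYPE_TEXT, NOW - 3600), NOW))
    key = DUMMY_PUBKEY + build_sig_packet(0x13, NOW - 86400)
    print("revoked:", key_is_revoked(key + build_sig_packet(SIGTYPE_KEY_REVOCATION, NOW)))
```

Two caveats worth keeping in mind when reading this against the thread. First, the creation time is chosen by the signer, so the window only defeats replay of an *old* captured update; whoever holds a stolen private key can sign a fresh one, which is exactly why revocation still has to reach the database somehow. Second, `key_is_revoked` only reports what the uploaded key block says about itself; the revocation signature inside it must itself be verified against the key before the database acts on it, and the catch-22 Gert raises (needing that very key to authorise the update) is untouched by any of this parsing.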