Hi Netravnen,

> On 2 Oct 2018, at 17:09, netravnen--- via db-wg <[email protected]> wrote:
>
> Hi db-wg,
>
> Was updating my key-cert object in the database. And was wondering if it
> is by design revoked key id's is listed as owner of the key?
>
> (I would normally expect revoked id's not being listed inside key-cert
> objects.)
>
>
> The Explanation
> ===============
> I have several gpg id's as part of the key. Half is active. Half is
> revoked id's.
> All id's; even the revoked ones; is being listed as "owner:" when
> viewing the key-cert object in the database.
>
> -Netravnen
>

the RIPE database generates owner attributes for *all* user ids found in the key-cert object, regardless of the key status (revoked, expired etc.).

It's not allowed to use revoked master keys in key-cert objects, but sub-keys are not checked. Expired keys can be used, but a warning is added to the update response.

This is the current behaviour, and was chosen for compatibility. We can restrict use of expired or revoked keys, if the db-wg agrees.

Regards
Ed
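An added example, not part of the original thread and not RIPE database code: a maintainer-side audit that reads `gpg --with-colons --list-keys` output and reports which user IDs, each of which becomes an "owner:" line per the reply above, are revoked or expired. The sample key data is constructed, the function names are hypothetical, and it assumes the owner value equals the user ID string.

```python
import re

# Constructed sample of `gpg --with-colons --list-keys` output (not a real key).
SAMPLE = "\n".join([
    r"pub:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC::::::23::0:",
    r"uid:u::::1500000000::1111111111111111111111111111111111111111::Example User <user@example.net>::::::::::0:",
    r"uid:r::::1538000000::2222222222222222222222222222222222222222::Example User <old@example.org>::::::::::0:",
    r"uid:e::::1500000000::3333333333333333333333333333333333333333::Example NOC \x3a ops <noc@example.net>::::::::::0:",
    r"sub:u:4096:1:BBBBBBBBBBBBBBBB:1500000000::::::e::::::23:",
])

# Field 2 of a uid record is its validity: 'r' = revoked, 'e' = expired.
STATUS = {"r": "revoked", "e": "expired"}


def _unescape(field):
    # GnuPG writes ':' and control characters in colon output as \xNN.
    return re.sub(r"\\x([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), field)


def parse_uids(colons):
    """Return [(user_id, status)] for every uid record in the listing."""
    uids = []
    for line in colons.splitlines():
        fields = line.split(":")
        if len(fields) > 9 and fields[0] == "uid":
            # Field 10 (index 9) carries the user ID string.
            uids.append((_unescape(fields[9]), STATUS.get(fields[1], "ok")))
    return uids


def owner_attributes(colons):
    """One owner: line per user ID, whatever its status (as the reply describes)."""
    return ["owner:          " + uid for uid, _ in parse_uids(colons)]


def inactive_owners(colons):
    """User IDs that would be listed as owner although revoked or expired."""
    return [(uid, st) for uid, st in parse_uids(colons) if st != "ok"]


if __name__ == "__main__":
    print("\n".join(owner_attributes(SAMPLE)))
    for uid, status in inactive_owners(SAMPLE):
        print(f"listed as owner but {status}: {uid}")
```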
