comment to bug about existing invalid authentication keys.

2 files changed, 16 insertions, 2 deletions

diff --git a/website/bugs/authorized_keys-options.mdwn b/website/bugs/authorized_keys-options.mdwn
index a066318..4e7a838 100644
--- a/website/bugs/authorized_keys-options.mdwn
+++ b/website/bugs/authorized_keys-options.mdwn
@@ -1,7 +1,5 @@
 [[meta title="Monkeysphere support for options in authorized_keys"]]
 
-# Monkeysphere support for options within `authorized_keys` #
-
 OpenSSH [allows users to control the capabilities granted to remote
 key-based
 logins](http://www.hackinglinuxexposed.com/articles/20030109.html) by
diff --git a/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn b/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn
index 8181437..3c7e804 100644
--- a/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn
+++ b/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn
@@ -19,3 +19,19 @@ revoked, so probably monkeysphere needs to be looking at gpg's
 computed validity from the public keyring instead of the secret
 keyring to be able to get the "r" flag from field 2, in addition to
 the "e" flag from field 12.
+
+---
+
+So the problem is that there is no field 2 for secret keys.  From
+/usr/share/doc/gnupg/DETAILS.gz:
+
+      2. Field:  A letter describing the calculated trust. This is a single
+      	 	 letter, but be prepared that additional information may follow
+		 in some future versions. (not used for secret keys)
+
+Why would secret keys not have this field?  They have validity too,
+right?  This doesn't make any sense.  I verify that indeed there is no
+output in field 2 for secret keys.  I would say this is a bug in gpg,
+but it's clearly done on purpose.  Any ideas?
+
+-- jrollins