summaryrefslogtreecommitdiff
path: root/website/bugs
diff options
context:
space:
mode:
authorJameson Graef Rollins <jrollins@phys.columbia.edu>2008-10-26 22:07:07 -0400
committerJameson Graef Rollins <jrollins@phys.columbia.edu>2008-10-26 22:07:07 -0400
commit21fd6545dee4948cad0e726d47f092c9c86f2fba (patch)
tree23b65e5bb378815f06fb7fb61637dedcaa311fdf /website/bugs
parent3b0d5361bcaa53770ae4130dc08a1b9ea6d36cfd (diff)
comment to bug about existing invalid authentication keys.
Diffstat (limited to 'website/bugs')
-rw-r--r--website/bugs/authorized_keys-options.mdwn2
-rw-r--r--website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn16
2 files changed, 16 insertions, 2 deletions
diff --git a/website/bugs/authorized_keys-options.mdwn b/website/bugs/authorized_keys-options.mdwn
index a066318..4e7a838 100644
--- a/website/bugs/authorized_keys-options.mdwn
+++ b/website/bugs/authorized_keys-options.mdwn
@@ -1,7 +1,5 @@
[[meta title="Monkeysphere support for options in authorized_keys"]]
-# Monkeysphere support for options within `authorized_keys` #
-
OpenSSH [allows users to control the capabilities granted to remote
key-based
logins](http://www.hackinglinuxexposed.com/articles/20030109.html) by
diff --git a/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn b/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn
index 8181437..3c7e804 100644
--- a/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn
+++ b/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn
@@ -19,3 +19,19 @@ revoked, so probably monkeysphere needs to be looking at gpg's
computed validity from the public keyring instead of the secret
keyring to be able to get the "r" flag from field 2, in addition to
the "e" flag from field 12.
+
+---
+
+So the problem is that there is no field 2 for secret keys. From
+/usr/share/doc/gnupg/DETAILS.gz:
+
+ 2. Field: A letter describing the calculated trust. This is a single
+ letter, but be prepared that additional information may follow
+ in some future versions. (not used for secret keys)
+
+Why would secret keys not have this field? They have validity too,
+right? This doesn't make any sense. I verify that indeed there is no
+output in field 2 for secret keys. I would say this is a bug in gpg,
+but it's clearly done on purpose. Any ideas?
+
+-- jrollins