diff options
Diffstat (limited to 'website/bugs/revoke-hostname-revoking-wrong-userid.mdwm')
-rw-r--r-- | website/bugs/revoke-hostname-revoking-wrong-userid.mdwm | 94 |
1 files changed, 0 insertions, 94 deletions
diff --git a/website/bugs/revoke-hostname-revoking-wrong-userid.mdwm b/website/bugs/revoke-hostname-revoking-wrong-userid.mdwm deleted file mode 100644 index 5c2c508..0000000 --- a/website/bugs/revoke-hostname-revoking-wrong-userid.mdwm +++ /dev/null @@ -1,94 +0,0 @@ -[[meta title="revoke-hostname function revokes wrong hostname user ID"]] - -It appears that the monkeysphere-server revoke-hostname function will -occasionaly revoke the wrong hostname. I say occasionally, but it -seems to be doing it pretty consistently for me at the moment: - - servo:~ 0$ sudo monkeysphere-server n- servo.finestructure.net - The following host key user ID will be revoked: - ssh://servo.finestructure.net - Are you sure you would like to revoke this user ID? (y/N) y - gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc. - This is free software: you are free to change and redistribute it. - There is NO WARRANTY, to the extent permitted by law. - - Secret key is available. - - pub 1024R/9EEAC276 created: 2008-07-10 expires: never usage: CA - trust: ultimate validity: ultimate - [ultimate] (1) ssh://localhost.localdomain - [ultimate] (2). ssh://servo.finestructure.net - [ revoked] (3) ssh://jamie.rollins - [ revoked] (4) asdfsdflkjsdf - [ revoked] (5) ssh://asdfsdlf.safsdf - [ revoked] (6) ssh://bar.baz - [ revoked] (7) ssh://foo.bar - [ revoked] (8) ssh:// - - - pub 1024R/9EEAC276 created: 2008-07-10 expires: never usage: CA - trust: ultimate validity: ultimate - [ultimate] (1)* ssh://localhost.localdomain - [ultimate] (2). ssh://servo.finestructure.net - [ revoked] (3) ssh://jamie.rollins - [ revoked] (4) asdfsdflkjsdf - [ revoked] (5) ssh://asdfsdlf.safsdf - [ revoked] (6) ssh://bar.baz - [ revoked] (7) ssh://foo.bar - [ revoked] (8) ssh:// - - Please select the reason for the revocation: - 0 = No reason specified - 4 = User ID is no longer valid - Q = Cancel - (Probably you want to select 4 here) - Enter an optional description; end it with an empty line: - Reason for revocation: User ID is no longer valid - Hostname removed by monkeysphere-server 2008-08-16T17:34:02 - - pub 1024R/9EEAC276 created: 2008-07-10 expires: never usage: CA - trust: ultimate validity: ultimate - [ revoked] (1) ssh://localhost.localdomain - [ultimate] (2). ssh://servo.finestructure.net - [ revoked] (3) ssh://jamie.rollins - [ revoked] (4) asdfsdflkjsdf - [ revoked] (5) ssh://asdfsdlf.safsdf - [ revoked] (6) ssh://bar.baz - [ revoked] (7) ssh://foo.bar - [ revoked] (8) ssh:// - - gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model - gpg: depth: 0 valid: 1 signed: 2 trust: 0-, 0q, 0n, 0m, 0f, 1u - gpg: depth: 1 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 2f, 0u - gpg: next trustdb check due at 2012-01-07 - sec 1024R/9EEAC276 2008-07-10 - Key fingerprint = C094 43E0 6882 8BE2 E9AD 516C 45CF 974D 9EEA C276 - uid ssh://servo.finestructure.net - uid [ revoked] ssh://localhost.localdomain - uid [ revoked] ssh://jamie.rollins - uid [ revoked] asdfsdflkjsdf - uid [ revoked] ssh://asdfsdlf.safsdf - uid [ revoked] ssh://bar.baz - uid [ revoked] ssh://foo.bar - uid [ revoked] ssh:// - - NOTE: User ID revoked, but revokation not published. - Run 'monkeysphere-server publish-key' to publish the revocation. - servo:~ 0$ - -Clearly this is unacceptable. Because of more inadequacies in gpg, -you can't specify a uid to revoke from the command line. The uid -revokation requires an edit-key script, which we have used before, but -you have to specify by "number" which uid to revoke. We currently try -to guess the number from the ordering of the output of list-key. This -however is not always accurate. I don't have a good solution for a -fix at the moment. Suggestions are most welcome. It may just require -some trial and error with edit-key to come up with something workable. - -This underlines the problem that gpg sucks ass as a tool for -manipulating gpg keyrings non-interactively. This is a big problem. -We need something better that we can use. I would gladly rewrite -everything if there was a better tool out there, but I don't know of -one. - --- Big Jimmy. |