Opened 7 years ago

Closed 6 years ago

#3695 closed Bug/Something is broken (wontfix)

revoke turner's ssh key

Reported by: https://id.mayfirst.org/dkg
Owned by: https://id.mayfirst.org/dkg
Priority: Medium
Component: Tech
Keywords: turner.mayfirst.org monkeysphere revocation needs-review
Cc:
Sensitive: no

Description

Apparently, turner has been retired. If that is the case, we should revoke turner's SSH key, which is floating around the monkeysphere :(

I've already revoked my certification over the key, but it would be ideal to issue a revocation certificate for the primary key itself.

This should be a standard step for de-commissioning a server.

Change History (2)

comment:1 Changed 6 years ago by https://id.mayfirst.org/nat

  • Keywords needs-review added
  • Owner changed from https://id.mayfirst.org/jamie to https://id.mayfirst.org/dkg
  • Status changed from new to assigned

It appears that turner's key has never been revoked:

0 nat@pigtown:~$ gpg --list-key "80AA 6974 5F4A 1605 9D31  6F71 F407 86E5 005A D000"
pub   2048R/005AD000 2010-04-15
uid                  ssh://turner.mayfirst.org

0 nat@pigtown:~$ 

Do we still have the secret key material for turner? Is it even possible for us to revoke the key at this point?

dkg, I'm reassigning this to you as you might have some clue about the whereabouts of a revocation certificate. Also, I might not be clear on the process of checking signature revocation, but it seems that you might not have published your revocation either.

0 nat@pigtown:~$ gpg --check-sigs include-revoked "80AA 6974 5F4A 1605 9D31  6F71 F407 86E5 005A D000"
pub   2048R/005AD000 2010-04-15
uid                  ssh://turner.mayfirst.org
sig!3        005AD000 2010-04-15  ssh://turner.mayfirst.org
sig!         D21739E9 2010-04-15  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Let me know if I'm reading that wrong.

--nat

comment:2 Changed 6 years ago by https://id.mayfirst.org/nat

  • Resolution set to wontfix
  • Status changed from assigned to closed

I was reading that correctly, but had not refreshed the key in my keyring.

0 nat@pigtown:~$ gpg --list-sigs "80AA 6974 5F4A 1605 9D31  6F71 F407 86E5 005A D000"
pub   2048R/005AD000 2010-04-15
uid                  ssh://turner.mayfirst.org
sig 3        005AD000 2010-04-15  ssh://turner.mayfirst.org
sig          D21739E9 2010-04-15  Daniel Kahn Gillmor <dkg@fifthhorseman.net>
rev          D21739E9 2010-12-08  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

0 nat@pigtown:~$ 

Since we no longer have the original secret key material, or a revocation certificate, I'm going to close this ticket.

--nat
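
The following Python reads the two listings quoted in comments 1 and 2 and reports, per user ID, which certifications are still in effect and whether the primary key itself is revoked. It is an added example, not code from the ticket or from monkeysphere; the function name `revocation_status` is hypothetical, and it assumes the human-readable listing format shown above, with a key-level revocation appearing as a `rev` line before the first `uid`.

```python
import re

# Listings copied from the ticket: comment 1 (stale keyring), comment 2 (refreshed).
STALE = """\
pub   2048R/005AD000 2010-04-15
uid                  ssh://turner.mayfirst.org
sig!3        005AD000 2010-04-15  ssh://turner.mayfirst.org
sig!         D21739E9 2010-04-15  Daniel Kahn Gillmor <dkg@fifthhorseman.net>
"""
REFRESHED = """\
pub   2048R/005AD000 2010-04-15
uid                  ssh://turner.mayfirst.org
sig 3        005AD000 2010-04-15  ssh://turner.mayfirst.org
sig          D21739E9 2010-04-15  Daniel Kahn Gillmor <dkg@fifthhorseman.net>
rev          D21739E9 2010-12-08  Daniel Kahn Gillmor <dkg@fifthhorseman.net>
"""

# "sig"/"rev", optional flags ("!", "3"), issuer key ID, signature date.
SIG = re.compile(r"^(sig|rev)\S*\s+(?:\d\s+)?([0-9A-F]{8,16})\s+(\d{4}-\d{2}-\d{2})\s")

def revocation_status(listing):
    """Return (key_revoked, {uid: {issuer_keyid: 'active' | 'revoked'}})."""
    key_revoked, uid, certs = False, None, {}
    sigs, revs = {}, {}  # (uid, issuer) -> latest date seen
    for line in listing.splitlines():
        if line.startswith("uid"):
            uid = line[3:].strip()
            certs[uid] = {}
            continue
        m = SIG.match(line)
        if not m:
            continue
        kind, issuer, date = m.groups()
        if uid is None:
            # Assumption: a "rev" line between "pub" and the first "uid"
            # revokes the key itself, not a certification.
            key_revoked = key_revoked or kind == "rev"
            continue
        table = sigs if kind == "sig" else revs
        table[(uid, issuer)] = max(date, table.get((uid, issuer), ""))
    for (u, issuer), date in sigs.items():
        # ISO dates compare correctly as strings; a same-day rev counts as revoked.
        revoked = revs.get((u, issuer), "") >= date
        certs[u][issuer] = "revoked" if revoked else "active"
    return key_revoked, certs
```

Run against both listings, the only difference is the status of the D21739E9 certification; the primary key is unrevoked in each.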
