Re: [db-wg] Proposal for restricting authentication concerning use of revoked and expired GPG ID's in key-cert objects
Hi Gunnar, On Thu, 1 Nov 2018 at 15:51, Gunnar Guðvarðarson <gunnar.gudvardarson@advania.is> wrote:
What happens if you send signed update A, then signed update B, and then re-send signed update A.
Does the re-sent signed update overwrite the object?
Yes! If you re-send an older (signed) version (A) of an object in the RIPE database. A newer update (B) can be overwritten with the older one (A). The current implementation in the DB does not validate anything apart if the key as allowed or not. Expiration date or if an object has been update since an incoming update message is not taken into account. If the update message is signed with a valid key. It is accepted. (Currently I have only tested this with my own objects in the DB) Christoffer
participants (1)
-
Christoffer Hansen (Lists)