To revoke a user ID, require the cert be valid under the current policy.
- Change `sq key userid revoke` to require the certificate be valid under the current policy. If the certificate is not valid under the current policy, the user should revoke the whole certificate, or fix it using `sq cert lint` after verifying the certificate's integrity. If the certificate is valid under the current policy, but the user ID to revoke isn't, it can still be revoked using `--userid-or-add`. - See #375.
This commit is contained in:
parent
99ad920c43
commit
bfc843bc52
@ -197,6 +197,13 @@ the certificate that is being revoked, this results in a third-party \
|
|||||||
revocation. This is normally only useful if the owner of the \
|
revocation. This is normally only useful if the owner of the \
|
||||||
certificate designated the key to be a designated revoker.
|
certificate designated the key to be a designated revoker.
|
||||||
|
|
||||||
|
To revoke a user ID, the certificate must be valid under the current \
|
||||||
|
policy. If the certificate is not valid under the current policy, \
|
||||||
|
consider revoking the whole certificate, or fixing it using `sq cert \
|
||||||
|
lint` after verifying the certificate's integrity. If the certificate \
|
||||||
|
is valid under the current policy, but the user ID you want to revoke \
|
||||||
|
isn't, you can still revoke the user ID using `--userid-or-add`.
|
||||||
|
|
||||||
`sq key userid revoke` respects the reference time set by the top-level \
|
`sq key userid revoke` respects the reference time set by the top-level \
|
||||||
`--time` argument. When set, it uses the specified time instead of \
|
`--time` argument. When set, it uses the specified time instead of \
|
||||||
the current time when determining what keys are valid, and it sets \
|
the current time when determining what keys are valid, and it sets \
|
||||||
|
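--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -28,7 +28,6 @@ use crate::cli::types::userid_designator::ResolvedUserID;
 use crate::cli;
 use crate::common::RevocationOutput;
 use crate::common::get_secret_signer;
-use crate::sq::NULL_POLICY;
 use crate::common::userid::{
 lint_emails,
 lint_names,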
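--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -303,12 +302,18 @@ pub fn userid_revoke(
 ) -> Result<()> {
 let cert =
 sq.resolve_cert(&command.cert, sequoia_wot::FULLY_TRUSTED)?.0;
-// We require the User ID to have a valid self signature under the
-// Null policy. We use the Null policy and not the standard
-// policy, because it is still useful to revoke a User ID whose
-// self signature is no longer valid. For instance, the binding
-// signature may use SHA-1.
-let vcert = cert.with_policy(&NULL_POLICY, sq.time)?;
+// To revoke a user ID, we require the certificate be valid under
+// the current policy. Users can still revoke user IDs whose
+// binding signature relies on weak cryptography using
+// `--user-or-add`.
+let vcert = cert.with_policy(sq.policy, sq.time)
+.with_context(|| {
+format!("The certificate is not valid under the current \
+policy. Consider revoking the whole certificate \
+using `sq key revoke`, or fixing it using \
+`sq cert lint` after verifying the certificate's \
+integrity.")
+})?;
 let userids = command.userids.resolve(&vcert)?;
 assert_eq!(userids.len(), 1, "exactly one user ID enforced by clap");
 let userid = userids.into_iter().next().unwrap();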
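Review bot: The new comment above `let vcert` names the escape hatch `--user-or-add`, but the help text in this same commit and the commit description call the flag `--userid-or-add`; a maintainer following the comment will look for a flag that does not exist under that name, so change `--user-or-add` to `--userid-or-add` in the comment. Separately, `command.userids.resolve(&vcert)` now runs under `sq.policy` rather than the null policy, so a user ID whose binding signature the policy rejects fails inside `resolve` with whatever error that helper produces; if that error does not already point the user at `--userid-or-add`, the hint only exists in `--help`, and it is worth confirming the resolve error carries it. `userid_revoke` begins before this hunk and its body continues after it.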
@ -42,9 +42,18 @@ fn sha1_userid() {
|
|||||||
= String::from_utf8_lossy(weak_userids[0].value()).to_string();
|
= String::from_utf8_lossy(weak_userids[0].value()).to_string();
|
||||||
|
|
||||||
let updated_path = sq.scratch_file("updated");
|
let updated_path = sq.scratch_file("updated");
|
||||||
|
assert!(
|
||||||
|
sq.key_userid_revoke_maybe(&[],
|
||||||
|
&cert_path,
|
||||||
|
&weak_userid,
|
||||||
|
"retired",
|
||||||
|
"bye, bye",
|
||||||
|
updated_path.as_path())
|
||||||
|
.is_err());
|
||||||
|
|
||||||
sq.key_userid_revoke(&[],
|
sq.key_userid_revoke(&[],
|
||||||
cert_path,
|
&cert_path,
|
||||||
&weak_userid,
|
UserIDArg::AddUserID(&weak_userid),
|
||||||
"retired",
|
"retired",
|
||||||
"bye, bye",
|
"bye, bye",
|
||||||
updated_path.as_path());
|
updated_path.as_path());
|
||||||
|
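Review bot: The added negative check asserts only `.is_err()` on `key_userid_revoke_maybe`, so it passes for any failure at all — a wrong `cert_path`, an unwritable scratch file, an argument-parsing error — and not specifically for the policy rejection this commit introduces; if the helper's `Err` exposes the message, assert on its text (that it names the user ID or the policy) so a broken fixture cannot make the regression test pass vacuously. A one-line comment above the `assert!` would also help the next reader: `// Under the standard policy the SHA-1-bound user ID must not resolve via plain --userid; --userid-or-add is the supported path.` The enclosing `sha1_userid` starts before this hunk.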