[verify-commits] Allow revoked keys to expire #11539

pull TheBlueMatt wants to merge 1 commits into bitcoin:master from TheBlueMatt:2017-10-verify-regsig-expsig changing 1 files +5 −0
  1. TheBlueMatt commented at 8:35 PM on October 20, 2017: member

    This should fix verify-commits on master.

  2. [verify-commits] Allow revoked keys to expire d23be309c2
  3. theuni commented at 9:03 PM on October 20, 2017: member

    I see how this allows expired keys to pass if revoked keys are allowed, but I'm missing what constrains expired to revoked? Also not sure why we'd want that constraint?

  4. TheBlueMatt commented at 9:07 PM on October 20, 2017: member

    BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG is set in verify-commits.sh for every commit in contrib/verify-commits/allow-revsig-commits.

  5. theuni commented at 9:15 PM on October 20, 2017: member

    That's what I was missing, thanks.

    What happens when the next unrevoked key expires, though? Wouldn't all commits signed by that key fail to verify?

  6. TheBlueMatt commented at 9:17 PM on October 20, 2017: member

    If a key is not in-use, it should be revoked, and if it is revoked, its commits should be in allow-revsig-commits. (if its in-use, you can keep bumping the expiration date).

  7. theuni commented at 10:14 PM on October 20, 2017: member

    Sure, that makes sense. What I'm missing is how to sunset a key (a committer leaves) without having to mark all of its commits. Or is the script smart enough to stop at the first allow-revsig parent?

  8. TheBlueMatt commented at 10:17 PM on October 20, 2017: member

    No, currently you have to add all of their commits to the file. We could change to a first-revoked-signed-commit model like we do SHA512, but for now the list is short so I figure just leave it.

    On October 20, 2017 6:14:55 PM EDT, Cory Fields notifications@github.com wrote:

    Sure, that makes sense. What I'm missing is how to sunset a key (a committer leaves) without having to mark all of its commits. Or is the script smart enough to stop at the first allow-revsig parent?

    -- You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub: https://github.com/bitcoin/bitcoin/pull/11539#issuecomment-338334775

  9. theuni commented at 10:48 PM on October 20, 2017: member

    Seems to me we should just have a file for expired (sub)keys, and verify-commit is allowed to return EXPKEYSIG for those. Because they'd be historical anyway.

    That kind of change isn't urgent though, so utACK d23be309c2c45f655d5f5405e031833fb4b6bbb4 for the sake of fixing master.

  10. laanwj commented at 7:08 AM on October 21, 2017: member

    utACK

  11. laanwj merged this on Oct 21, 2017
  12. laanwj closed this on Oct 21, 2017
  13. laanwj referenced this in commit e668a6e61d on Oct 21, 2017
  14. MarcoFalke referenced this in commit 01223a0261 on Oct 23, 2017
  15. codablock referenced this in commit 29e505a99c on Sep 26, 2019
  16. codablock referenced this in commit 7919c96818 on Sep 30, 2019
  17. barrystyle referenced this in commit db17812e76 on Jan 22, 2020
  18. MarcoFalke locked this on Sep 8, 2021
Contributors
TheBlueMatttheunilaanwj
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-24 15:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me