Accidental use of revoke, when revoke-expired is intended, leads to revoking the wrong certificate.
This accidental use is caused as follows:
Generate or receive a request: gen-req alice
Sign the request: sign-req client alice
Sometime later - Certificate alice expires: expire alice
Sign a new certificate for alice: sign-req client alice
Sometime later (2) - Certificate alice expires: expire alice
Unable to use command expire alice due to old certificate for alice, which must be revoked by command revoke-expired.
Intending to revoke the expired certificate foralice; use of command revoke alice, instead of the intended revoke-expired alice, results in revoking the wrong certificate.
An annoying and insidious trap!
The solution appears to be: ~Prohibit~ Warn and get confirmation for use of revoke alice, while an expired certificate for alice is still present in the expired directory.
Possibly create command revoke-issued, to complement revoke-expired and revoke-renewed, and force use of revoke into choosing which type of certificate is intended to be revoked, when multiple types of files exist. This seems unnecessary.
~Or, rename revoke-expired to remove-expired.~
~Or, store expired certificates by serial number.~
Accidental use of
revoke
, whenrevoke-expired
is intended, leads to revoking the wrong certificate.This accidental use is caused as follows:
gen-req alice
sign-req client alice
alice
expires:expire alice
alice
:sign-req client alice
alice
expires:expire alice
expire alice
due to old certificate foralice
, which must be revoked by commandrevoke-expired
.alice
; use of commandrevoke alice
, instead of the intendedrevoke-expired alice
, results in revoking the wrong certificate.An annoying and insidious trap!
The solution appears to be: ~Prohibit~ Warn and get confirmation for use of
revoke alice
, while an expired certificate foralice
is still present in theexpired
directory.Possibly create command
revoke-issued
, to complementrevoke-expired
andrevoke-renewed
, and force use ofrevoke
into choosing which type of certificate is intended to be revoked, when multiple types of files exist. This seems unnecessary.~Or, rename
revoke-expired
toremove-expired
.~~Or, store expired certificates by serial number.~