[[meta title="revoke-hostname function revokes wrong hostname user ID"]]

It appears that the monkeysphere-server revoke-hostname function will occasionally revoke the wrong hostname. I say occasionally, but it seems to be doing it pretty consistently for me at the moment:

    servo:~ 0$ sudo monkeysphere-server n- servo.finestructure.net
    The following host key user ID will be revoked:
      ssh://servo.finestructure.net
    Are you sure you would like to revoke this user ID? (y/N) y
    gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Secret key is available.

    pub  1024R/9EEAC276  created: 2008-07-10  expires: never       usage: CA
                         trust: ultimate      validity: ultimate
    [ultimate] (1)  ssh://localhost.localdomain
    [ultimate] (2). ssh://servo.finestructure.net
    [ revoked] (3)  ssh://jamie.rollins
    [ revoked] (4)  asdfsdflkjsdf
    [ revoked] (5)  ssh://asdfsdlf.safsdf
    [ revoked] (6)  ssh://bar.baz
    [ revoked] (7)  ssh://foo.bar
    [ revoked] (8)  ssh://

    pub  1024R/9EEAC276  created: 2008-07-10  expires: never       usage: CA
                         trust: ultimate      validity: ultimate
    [ultimate] (1)* ssh://localhost.localdomain
    [ultimate] (2). ssh://servo.finestructure.net
    [ revoked] (3)  ssh://jamie.rollins
    [ revoked] (4)  asdfsdflkjsdf
    [ revoked] (5)  ssh://asdfsdlf.safsdf
    [ revoked] (6)  ssh://bar.baz
    [ revoked] (7)  ssh://foo.bar
    [ revoked] (8)  ssh://

    Please select the reason for the revocation:
      0 = No reason specified
      4 = User ID is no longer valid
      Q = Cancel
    (Probably you want to select 4 here)
    Enter an optional description; end it with an empty line:
    Reason for revocation: User ID is no longer valid
    Hostname removed by monkeysphere-server 2008-08-16T17:34:02

    pub  1024R/9EEAC276  created: 2008-07-10  expires: never       usage: CA
                         trust: ultimate      validity: ultimate
    [ revoked] (1)  ssh://localhost.localdomain
    [ultimate] (2). ssh://servo.finestructure.net
    [ revoked] (3)  ssh://jamie.rollins
    [ revoked] (4)  asdfsdflkjsdf
    [ revoked] (5)  ssh://asdfsdlf.safsdf
    [ revoked] (6)  ssh://bar.baz
    [ revoked] (7)  ssh://foo.bar
    [ revoked] (8)  ssh://

    gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    gpg: depth: 0  valid:   1  signed:   2  trust: 0-, 0q, 0n, 0m, 0f, 1u
    gpg: depth: 1  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 2f, 0u
    gpg: next trustdb check due at 2012-01-07
    sec   1024R/9EEAC276 2008-07-10
          Key fingerprint = C094 43E0 6882 8BE2 E9AD 516C 45CF 974D 9EEA C276
    uid                  ssh://servo.finestructure.net
    uid [ revoked]       ssh://localhost.localdomain
    uid [ revoked]       ssh://jamie.rollins
    uid [ revoked]       asdfsdflkjsdf
    uid [ revoked]       ssh://asdfsdlf.safsdf
    uid [ revoked]       ssh://bar.baz
    uid [ revoked]       ssh://foo.bar
    uid [ revoked]       ssh://

    NOTE: User ID revoked, but revokation not published.
    Run 'monkeysphere-server publish-key' to publish the revocation.
    servo:~ 0$

Clearly this is unacceptable.

Because of more inadequacies in gpg, you can't specify a uid to revoke from the command line. The uid revocation requires an edit-key script, which we have used before, but you have to specify by "number" which uid to revoke. We currently try to guess the number from the ordering of the output of list-key. This however is not always accurate.

I don't have a good solution for a fix at the moment. Suggestions are most welcome. It may just require some trial and error with edit-key to come up with something workable.

This underlines the problem that gpg sucks ass as a tool for manipulating gpg keyrings non-interactively. This is a big problem. We need something better that we can use. I would gladly rewrite everything if there was a better tool out there, but I don't know of one.

-- Big Jimmy.
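The session above shows where a list-key-derived number goes wrong: in the edit-key listing the primary uid (marked with `.`) is number 2, while the key listing printed at the end puts the primary uid `ssh://servo.finestructure.net` first, so an index taken from that ordering is off by one. The added example below (not monkeysphere code) takes the number from the edit-key listing itself, refuses substring matches and already-revoked uids, and checks afterwards from `--with-colons` output that exactly the intended uid flipped to revoked before anything is published. The listings it parses are constructed from the session on this page; the hash field in the `uid:` records is a placeholder, and obtaining the listings non-interactively from gpg is assumed to be done by the caller.

```shell
#!/bin/sh
# Added example, not monkeysphere code: take the uid number from the
# `gpg --edit-key` listing itself, and verify the outcome from
# `gpg --with-colons --list-keys` output.  Both listings below are
# constructed from the session in the bug report; the hash field in the
# uid: records is a placeholder.

# The edit-key listing as gpg prints it on entry.  Note that the primary
# uid (marked with '.') is number 2, not number 1.
SAMPLE_EDITKEY_LISTING='pub  1024R/9EEAC276  created: 2008-07-10  expires: never       usage: CA
                     trust: ultimate      validity: ultimate
[ultimate] (1)  ssh://localhost.localdomain
[ultimate] (2). ssh://servo.finestructure.net
[ revoked] (3)  ssh://jamie.rollins
[ revoked] (4)  asdfsdflkjsdf'

# --with-colons listings before and after the revocation in the report:
# field 2 is the validity (u = ultimate, r = revoked), field 10 the uid
# with ':' escaped as \x3a.  The primary uid is printed first here.
COLONS_BEFORE='pub:u:1024:1:45CF974D9EEAC276:2008-07-10::::::scA:
uid:u::::2008-07-10::HASHPLACEHOLDER::ssh\x3a//servo.finestructure.net:
uid:u::::2008-07-10::HASHPLACEHOLDER::ssh\x3a//localhost.localdomain:'
COLONS_AFTER='pub:u:1024:1:45CF974D9EEAC276:2008-07-10::::::scA:
uid:u::::2008-07-10::HASHPLACEHOLDER::ssh\x3a//servo.finestructure.net:
uid:r::::2008-07-10::HASHPLACEHOLDER::ssh\x3a//localhost.localdomain:'

# uid_number LISTING UID
# Prints the number edit-key assigns to the uid whose text equals UID
# exactly (no substring matches).  Exit status: 0 found, 1 absent,
# 2 present but already revoked.
uid_number() {
    printf '%s\n' "$1" | awk -v target="$2" '
        BEGIN { rc = 1 }
        /^\[[^]]*] *\([0-9]+\)/ {
            status = $0; sub(/^\[/, "", status); sub(/].*$/, "", status)
            rest = $0;   sub(/^\[[^]]*] */, "", rest)
            n = rest;    sub(/^\(/, "", n);  sub(/\).*$/, "", n)
            uid = rest;  sub(/^\([0-9]+\)[.*]* */, "", uid)
            if (uid == target) {
                if (status ~ /revoked/) rc = 2
                else { print n; rc = 0 }
                exit
            }
        }
        END { exit rc }'
}

# uid_validity COLONS_LISTING UID
# Prints the validity flag of UID from --with-colons output; exit 1 if absent.
uid_validity() {
    printf '%s\n' "$1" | awk -F: -v target="$2" '
        $1 == "uid" {
            uid = $10
            gsub(/\\x3a/, ":", uid)
            if (uid == target) { print $2; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# revocation_ok BEFORE AFTER UID
# Succeeds only if UID went from not-revoked to revoked and every other
# uid kept its validity flag: the check that would have caught the
# session above, where number 1 was revoked instead of number 2.
revocation_ok() {
    before=$1; after=$2; target=$3
    [ "$(uid_validity "$before" "$target")" != r ] || return 1
    [ "$(uid_validity "$after" "$target")" = r ] || return 1
    printf '%s\n' "$after" | awk -F: '$1 == "uid" { print $10 }' |
    while IFS= read -r raw; do
        uid=$(printf '%s' "$raw" | sed 's/\\x3a/:/g')
        [ "$uid" = "$target" ] && continue
        [ "$(uid_validity "$before" "$uid")" = "$(uid_validity "$after" "$uid")" ] || exit 1
    done
}

# Demo on the constructed samples: prints 2, then reports that the
# revocation in the session hit the wrong uid.
uid_number "$SAMPLE_EDITKEY_LISTING" "ssh://servo.finestructure.net"
revocation_ok "$COLONS_BEFORE" "$COLONS_AFTER" "ssh://servo.finestructure.net" \
    && echo "revocation verified" || echo "wrong uid revoked, do not publish"
```

The number printed by `uid_number` is what an edit-key script would select with `uid N` before `revuid`; `revocation_ok` is meant to run after that script and before `publish-key`, so a mismatch like the one in the report stops at the local keyring instead of being pushed to the keyservers.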