Open Radar

 
Area:
Something not on this list

Summary:
After upgrading a machine to Sierra, I noticed in the Console log that the Keychain Circle service was logging out that it was syncing with several devices that I no longer own, including their serial numbers and OS versions. This was disconcerting.

Steps to Reproduce:
1. Buy a new iOS device (v. important part of the reproduction steps)
2. Prepare to sell another iOS device by logging out of Find My Thing.
3. Forget to log out of iCloud before erasing the device.
4. Go to another device to remove or reset iCloud Keychain according to docs like HT202755.

Expected Results:
The iCloud Keychain of the iCloud prefpane on at least one of my devices, or somewhere on the iCloud device, I can revoke a device's access to the circle, particularly its participation in push.

Actual Results:
With iOS 10 and having enabled Two-Factor Authentication, there is no longer UI whatsoever around iCloud Keychain. (I actually like this bit, BTW.)

Version:
iOS 10.0 (14A5309d)

Notes:
Following the behaviors of HT202755 by turning off iCloud Keychain on all active devices and turning it back on seems to have the desired effect. It's unfortunate that this is undocumented and non-user-facing.

The UI I desire is not truly a secure thing; if the device has been compromised, iCloud Keychain should be reset, something which was also available in the prior UI.

Configuration:
User of iCloud Keychain with peers originating from iOS 7.0.3

Attachments: