subkey binding signature with no usage flags and/or a critical notation

Werner Koch wk at
Sat Sep 14 10:51:02 CEST 2013

On Wed, 11 Sep 2013 23:46, dkg at said:

> As i reported earlier, this fix works fine.  I've backported it against
> 1.4.14 and it works there too (below).  It does not seem to be applied
> to the stable branches (1.4 and 2.0).  I think it needs to be applied
> to the stable branches.

It is quite possible that I lost track of it.

> Without this patch, if a subkey with a usage flags subpacket that is
> all-zero appears, GnuPG thinks that the key is valid for all
> capabilities (usage: SCEA).

Yes.  It is the key owner's decision.

>  * if it's someone else's key, GnuPG may be willing to rely on OpenPGP
>    certifications made by the key, despite the owner having clearly

No.  Key signatures (certifications) are only allowed by the primary
key.  This is an OpenPGP requirement.

> sent a message to an automated service which requires signed mail, and
> the message was rejected because it was made by this subkey).

Old PGP versions (iirc < 6.58) were not abale to handle sugnature
subkeys.  Same hoes for old keyservers.

> I'm inclined to see this as a security vulnerability (because of the
> confidentiality and certification-following concerns); i'd like to see

Sorry, I don't understand.  Only the owner of the key can create a
subkey.  We can't forbid him to shoot in his own foot.

> it fixed in the stable branches and assigned a CVE, so that i can push
> for getting it resolved in those distros that care about CVE coverage.




Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list