subkey binding signature with no usage flags

Robert J. Hansen rjh at
Sat Sep 14 18:26:54 CEST 2013

On 9/14/2013 11:44 AM, Daniel Kahn Gillmor wrote:
> This is a security vulnerability because it exposes messages that
> should be confidential to decryption by keys that are not intended or
> designated for that purpose.

You have not discovered a security vulnerability in either GnuPG or SKS.
 You have discovered that users who are not as clever as they think can
use the --expert flag to do foolish things, and that some of these
foolish things have consequences attached.

To this, all I can say is I hope the GnuPG developers triage this as

More information about the Gnupg-devel mailing list