limiting scope of signing subkeys
guilhem at fripost.org
Wed Jun 7 18:44:55 CEST 2017
On Wed, 07 Jun 2017 at 15:55:31 +0200, Vincent Breitmoser wrote:
>> With (yet :-/) another flag, the program would
>>relax the behavior to accept the signature when *none* of the
>>*non-revoked* signing (sub)keys have the given notation.
> Careful there: if the key is obtained via an untrusted channel,
> subkeys may be suppressed and this won't be caught by the usual
> fingerprint checks. This becomes relevant here, since the properties
> of one subkey depend on the presence of other.
Isn't that the same for subkey rotation via revocation + creation? A
MiTM could strip away the revocation subpacket and the new subkey;
gpg(1) would then accept signatures made by old subkey (until it
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the Gnupg-devel