limiting scope of signing subkeys

[Guilhem Moulin]

On Wed, 07 Jun 2017 at 15:55:31 +0200, Vincent Breitmoser wrote:
>> With (yet :-/) another flag, the program would
>>relax the behavior to accept the signature when *none* of the
>>*non-revoked* signing (sub)keys have the given notation.
> 
> Careful there: if the key is obtained via an untrusted channel,
> subkeys may be suppressed and this won't be caught by the usual
> fingerprint checks. This becomes relevant here, since the properties
> of one subkey depend on the presence of other. 

Isn't that the same for subkey rotation via revocation + creation?  A
MiTM could strip away the revocation subpacket and the new subkey;
gpg(1) would then accept signatures made by old subkey (until it
expires), right?

-- 
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: </pipermail/attachments/20170607/0295c942/attachment.sig>