new (2003-11-30) keyanalyze results

David Shaw dshaw at
Mon Dec 1 12:47:39 CET 2003

On Mon, Dec 01, 2003 at 11:30:30AM -0600, David Champion wrote:
> * On 2003.12.01, in <20031201150933.GA3184 at>,
> *	"David Shaw" <dshaw at> wrote:
> > > 
> > > Hmm. I wonder if somebody shouldn't just revoke them. (As proof that
> > > they are *really* vulnerable).
> > 
> > Heh.  I was waiting for someone to suggest this.  I'm a little
> > surprised it took this long. ;)
> > 
> > Using a compromised key to revoke a key out from under someone else
> > raises some interesting ethical questions.  It's similar (though not
> I think it's pretty easy to call it "unethical" without much further
> consideration. It's the same as entering a protected system with an
> exploitable vulnerability and "fixing" it, without regard to what
> internal subsystems this "fix" breaks. There's always someone whose
> daily routine depends on something that's tangentially broken, who
> would be glad to fix it as soon as they're back in the office, or a
> maintenance window opens, or their grandmother's out of the hospital,
> or whatever. You might catch 20 people who simply know no better, but
> there's a 21st who critically cannot change at this moment.

Yep.  Which is why notifications happened, rather than forced
revocations.  This does mean there will be some keys that never get
revoked, but that is being handled on the GnuPG side by refusing to
use them.  Users are free to not upgrade, but eventually there will be
nobody to talk to.


More information about the Gnupg-users mailing list