new (2003-11-30) keyanalyze results

Adrian 'Dagurashibanipal' von Bidder avbidder at fortytwo.ch
Mon Dec 1 21:05:36 CET 2003


On Monday 01 December 2003 16:09, David Shaw wrote:
> On Mon, Dec 01, 2003 at 09:06:08AM +0100, Adrian von Bidder wrote:

> > Hmm. I wonder if somebody shouldn't just revoke them. (As proof that
> > they are *really* vulnerable).
>
> Heh.  I was waiting for someone to suggest this.  I'm a little
> surprised it took this long. ;)

:-)

> [...] raises some interesting ethical questions.  [...]

Yes. And I guess we shouldn't do it. In those cases, where the key is still in 
use, people will notice when they upgrade gpg.

> > Of course, this is only easy where it's the primary, where the
> > selfsig is available.
>
> It's only *possible* where it is the primary.  Subkeys are revoked by
> the primary key, so if the primary isn't Elgamal sign+encrypt, then
> there is no way to get the revocation signature issued.

*thunk*

(That was my head on the table)

-- vbi

-- 
No te fíes del sol del invierno.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 331 bytes
Desc: signature
Url : /pipermail/attachments/20031201/221437b8/attachment.bin


More information about the Gnupg-users mailing list