new (2003-11-30) keyanalyze results
Adrian 'Dagurashibanipal' von Bidder
avbidder at fortytwo.ch
Mon Dec 1 21:05:36 CET 2003
On Monday 01 December 2003 16:09, David Shaw wrote:
> On Mon, Dec 01, 2003 at 09:06:08AM +0100, Adrian von Bidder wrote:
> > Hmm. I wonder if somebody shouldn't just revoke them. (As proof that
> > they are *really* vulnerable).
>
> Heh. I was waiting for someone to suggest this. I'm a little
> surprised it took this long. ;)
:-)
> [...] raises some interesting ethical questions. [...]
Yes. And I guess we shouldn't do it. In those cases, where the key is still in
use, people will notice when they upgrade gpg.
> > Of course, this is only easy where it's the primary, where the
> > selfsig is available.
>
> It's only *possible* where it is the primary. Subkeys are revoked by
> the primary key, so if the primary isn't Elgamal sign+encrypt, then
> there is no way to get the revocation signature issued.
*thunk*
(That was my head on the table)
-- vbi
--
No te fíes del sol del invierno.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 331 bytes
Desc: signature
Url : /pipermail/attachments/20031201/221437b8/attachment.bin
More information about the Gnupg-users
mailing list