revoked key - was: Re: key-signing for pseudonyms
David Shaw
dshaw at jabberwocky.com
Sat May 22 23:02:05 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, May 22, 2004 at 02:19:25PM -0400, Atom 'Smasher' wrote:
> On Fri, 21 May 2004, David Shaw wrote:
>
> > Currently, the main key signs all subkeys. The fix is that signing
> > subkeys sign the main key as well. Since an attacker who "steals" the
> > subkey cannot issue this back-signature, it is very obvious that the
> > attacker key is fraudulent.
> ================================
>
> is there a way to do that with encryption-only subkeys?
>
> or is that less of a concern since a "hijacked" public key for encryption
> can't be used to claim authorship of a work? although, it can cause other
> FUD.
There is little point in doing it with encryption-only subkeys since a
stolen encryption subkey does not allow the attacker any benefit. If
someone encrypts a message to the stolen key, the attacker can't read
it.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (GNU/Linux)
iGoEARECACoFAkCvv80jGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2tleS5h
c2MACgkQ4mZch0nhy8lZ0gCeIH/sWqjuWtAF5JdchPT82xTvLfQAoMuHxMG/CXao
dcqThRFsfj2N8TWj
=v3ak
-----END PGP SIGNATURE-----
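The back-signature check discussed in this thread, as an added example that is not part of the original messages and not GnuPG code. Toy textbook RSA stands in for OpenPGP signatures, and the key owners and all function names are hypothetical. It shows that a binding signed only by the main key lets anyone attach someone else's public signing subkey to their own key, while requiring the subkey's own signature over the pair rejects it.

```python
import hashlib

# Toy textbook RSA over fixed Mersenne primes: illustration only, not secure.
def make_key(p, q, e=65537):
    n = p * q
    return {"pub": (n, e), "priv": (n, pow(e, -1, (p - 1) * (q - 1)))}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

def binding_data(primary_pub, sub_pub):
    # What both signatures cover: the (main key, subkey) pair.
    return repr((primary_pub, sub_pub)).encode()

def bind_subkey(primary, sub):
    # The legitimate owner holds both private keys, so both signatures exist.
    data = binding_data(primary["pub"], sub["pub"])
    return {"primary": primary["pub"], "sub": sub["pub"],
            "forward": sign(primary["priv"], data),  # main key signs subkey
            "back": sign(sub["priv"], data)}         # subkey signs main key

def adopt_subkey(other, victim_binding):
    # Someone holding only their own private key plus the victim's public data.
    data = binding_data(other["pub"], victim_binding["sub"])
    return {"primary": other["pub"], "sub": victim_binding["sub"],
            "forward": sign(other["priv"], data),
            "back": victim_binding["back"]}          # can only replay the old one

def subkey_accepted(binding, require_back_sig):
    data = binding_data(binding["primary"], binding["sub"])
    if not verify(binding["primary"], data, binding["forward"]):
        return False
    if not require_back_sig:
        return True
    return verify(binding["sub"], data, binding["back"])

# Constructed sample keys (hypothetical owners).
VICTIM = make_key(2**61 - 1, 2**89 - 1)
VICTIM_SUB = make_key(2**107 - 1, 2**127 - 1)
ATTACKER = make_key(2**31 - 1, 2**521 - 1)
GOOD = bind_subkey(VICTIM, VICTIM_SUB)
FAKE = adopt_subkey(ATTACKER, GOOD)
```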