Encryption to key with multiple subkeys

Joke de Buhr joke at seiken.de
Wed May 12 12:02:08 CEST 2010


On Wednesday 12 May 2010 02:49:43 Grant Olson wrote:
> I think the semantics and correct behavior become unclear when one of
> the keys is revoked.
> 
> - Alice has two encryption keys.
> 
> - Bob sends to both keys.
> 
> - Alice revokes one key.
> 
> - Bob doesn't refresh his keys.  Continues sending to both keys.
> 
> - The unrevoked key decrypts things just fine.

Currently if someone captures the last key and Bobs never refreshes his 
keyring he will always continue to send to the last key since he doesn't know 
it's been revoked and a new last key has been added.

The attacker could still read Bobs messages.

> 
> If Alice has one key and revokes it, she'll get a warning that Bob is
> still sending to the revoked key, and can take corrective action.

New behavior encrypt-to-all-not-revoked-encryption-subkeys:

Alice gets a warning because Bobs encrypts to both subkeys but one has been 
revoked at Alice. Alice could still inform Bob to refresh his keyring.

Gnupg states that a message is encrypted to multiple keys.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 706 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20100512/11698c8e/attachment.pgp>


More information about the Gnupg-users mailing list