GPG, subkeys smartcard and computer

Peter Lebbing peter at digitalbrains.com
Tue Feb 21 16:23:27 CET 2017


On 21/02/17 16:19, Andrew Gallagher wrote:
> And this is the main reason I started running my own keyserver - by
> refreshing your monkeysphere-host keyring, you are leaking to the
> keyserver which user credentials have login access to your system. :-)

But if an attacker can cut off your SSH servers from the keyserver, and
your SSH servers fail open, meaning that they conclude the old data is
still valid when they can't get new data, an attacker can keep using a
compromised and revoked subkey without the server noticing the
revocation in time.

It all depends on your threat model.

My 2 cents,

Peter.

PS: Actually, on reflection, not /my/ 2 cents. I'm just repeating what
Kristian said earlier with some more words attached.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
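
The fail-open behaviour described in the message above, modelled next to a fail-closed variant. This is an added example, not part of the original message and not Monkeysphere or GnuPG code; the `CachedKey` type, the `MAX_STALENESS` value and all function names are hypothetical, and the key data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical policy value: how long cached key data may be trusted
# without a successful keyserver refresh.
MAX_STALENESS = timedelta(hours=6)

@dataclass
class CachedKey:
    fingerprint: str        # constructed placeholder, not a real key
    revoked: bool           # state as of the last successful refresh
    last_refresh: datetime  # when the keyserver was last reached

def refresh(key, now, keyserver_state):
    """Update the cache from the keyserver; None models an unreachable server."""
    if keyserver_state is None:
        return False        # refresh failed, cached data is left unchanged
    key.revoked = keyserver_state["revoked"]
    key.last_refresh = now
    return True

def allow_fail_open(key, now):
    # Trusts the cached state no matter how old it is.
    return not key.revoked

def allow_fail_closed(key, now):
    # Rejects the key once the cache is older than MAX_STALENESS.
    fresh = now - key.last_refresh <= MAX_STALENESS
    return fresh and not key.revoked

def simulate(blocked_hours):
    """The subkey is revoked on the keyserver at t0, but every refresh
    after t0 is blocked, so the server never sees the revocation."""
    t0 = datetime(2017, 2, 21, 12, 0, tzinfo=timezone.utc)
    key = CachedKey("FPR-PLACEHOLDER", revoked=False, last_refresh=t0)
    now = t0 + timedelta(hours=blocked_hours)
    refresh(key, now, None)  # server is cut off from the keyserver
    return allow_fail_open(key, now), allow_fail_closed(key, now)

if __name__ == "__main__":
    for hours in (1, 24):
        print(hours, "h blocked -> (fail_open, fail_closed) =", simulate(hours))
```

The fail-closed variant still accepts the revoked subkey inside the staleness window, and it turns a keyserver outage into a login outage once the window expires.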



More information about the Gnupg-users mailing list