GPG, subkeys smartcard and computer

Andrew Gallagher andrewg at
Tue Feb 21 16:31:50 CET 2017

On 21/02/17 15:23, Peter Lebbing wrote:
> On 21/02/17 16:19, Andrew Gallagher wrote:
>> And this is the main reason I started running my own keyserver - by
>> refreshing your monkeysphere-host keyring, you are leaking to the
>> keyserver which user credentials have login access to your system. :-)
> But if an attacker can cut off your SSH servers from the keyserver, and
> your SSH servers fail open, meaning that they conclude the old data is
> still valid when it can't get new data, an attacker can keep using a
> compromised and revoked subkey without the server noticing the
> revocation in time.

Using your own keyserver(s) also helps with this, because you're not
relying on external internet connectivity to get your revocations. Now,
if your keyserver loses gossip with the pool you still may not get
revocations, but only if your users push them to the pool and not to
your keyserver, which is a question of defaults.

> It all depends on your threat model.

Absolutely! :-)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170221/3dd8a60e/attachment.sig>

More information about the Gnupg-users mailing list