Impact of ROCA (CVE-2017-15361) in subkey vs. private key?

Lachlan Gunn lachlan at
Tue Oct 31 01:08:04 CET 2017

2017-10-30 23:44 GMT+10:30 Peter Lebbing <peter at>:

> But, I agree that the reverse is not true: a compromised subkey does not
> compromise the primary key in any way I can think of. And systems
> checking for ROCA should not reject a certificate because there is
> something wrong with an already revoked key.

I'm not sure that this is 100% correct.  The first part is true, but
signatures of a key that has been revoked because it was superseded or lost
are valid up to the revocation date, whereas ROCA-affected keys are
compromised to some degree and so all signatures are suspect; the
revocation status should, ideally, reflect this.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Gnupg-users mailing list