Impact of ROCA (CVE-2017-15361) in subkey vs. private key?
peter at digitalbrains.com
Tue Oct 31 11:39:24 CET 2017
On 31/10/17 01:08, Lachlan Gunn wrote:
> I'm not sure that this is 100% correct. The first part is true, but signatures
> of a key that has been revoked because it was superseded or lost are valid up to
> the revocation date, whereas ROCA-affected keys are compromised to some degree
> and so all signatures are suspect; the revocation status should, ideally,
> reflect this.
Oh, I was talking about a ROCA-affected *subkey* but a clean primary key, where
the subkey was already revoked by the primary key. I think you are talking about
a ROCA-affected primary key.
A ROCA-affected primary key should be revoked as *compromised*, replaced and not
used in any capacity.
And yes, the subkey should also be revoked with reason "compromised", for the
reason you state.
To clarify, do you agree if I reword the paragraph you contest as:
But, I agree that the reverse is not true: a compromised subkey does not
compromise the primary key in any way I can think of. And systems
checking for ROCA should not reject a certificate because there is
something wrong with an already revoked subkey.
The only change is in the last word :-).
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users