Impact of ROCA (CVE-2017-15361) in subkey vs. private key?

Peter Lebbing peter at
Tue Oct 31 11:46:40 CET 2017

On 31/10/17 11:39, Peter Lebbing wrote:
> And yes, the subkey should also be revoked with reason "compromised", for the
> reason you state.

And only now the penny drops.

I suppose a system checking for ROCA might rightfully take offense at a subkey
revoked as "superseded" or "lost"[1], because with ROCA it is actually
"compromised". I never checked what GnuPG does with two revocations on a key,
the earlier a "superseded" and the later a "compromised". The only correct thing
would be to treat it as "compromised", especially because the attacker could
generate a "superseded" with an earlier timestamp after the compromise and
create the same situation. So it ought to work.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>
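
The precedence rule argued for in the message above, as an added sketch that is not part of the original post and is not GnuPG's code. It compares an "earliest revocation wins" policy with "compromised always dominates". The reason codes are those of RFC 4880; the class, function names and timestamps are constructed for illustration, and treating a revocation without a reason as hard is an assumption.

```python
from dataclasses import dataclass

# Reason-for-revocation codes from RFC 4880, section 5.2.3.23.
NO_REASON, SUPERSEDED, COMPROMISED, RETIRED = 0, 1, 2, 3
# "Hard" reasons: the key material itself can no longer be trusted.
# Counting NO_REASON as hard is a conservative assumption of this sketch.
HARD_REASONS = {NO_REASON, COMPROMISED}


@dataclass(frozen=True)
class Revocation:
    created: int  # creation time in Unix seconds, chosen by whoever signs
    reason: int


def naive_earliest_wins(revs, sig_time):
    """Flawed policy: only the earliest-dated revocation is considered."""
    if not revs:
        return True
    first = min(revs, key=lambda r: r.created)
    if first.reason in HARD_REASONS:
        return False
    return sig_time < first.created


def hard_dominates(revs, sig_time):
    """Any hard revocation rejects every signature, whatever the timestamps,
    because a holder of the private key can backdate both signatures and
    revocations. Soft revocations only reject signatures dated after them."""
    if any(r.reason in HARD_REASONS for r in revs):
        return False
    return all(sig_time < r.created for r in revs)


# Constructed input: an earlier "superseded" and a later "compromised"
# revocation on one key. The input looks the same whether the earlier one
# was issued by the owner or backdated after the compromise.
REVS = [Revocation(1508000000, SUPERSEDED), Revocation(1509400000, COMPROMISED)]
OLD_SIG_TIME = 1505000000  # signature dated before both revocations

if __name__ == "__main__":
    print("earliest wins accepts old signature:",
          naive_earliest_wins(REVS, OLD_SIG_TIME))
    print("hard dominates accepts old signature:",
          hard_dominates(REVS, OLD_SIG_TIME))
```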
