Impact of ROCA (CVE-2017-15361) in subkey vs. private key?

Peter Lebbing peter at digitalbrains.com
Tue Oct 31 11:46:40 CET 2017


On 31/10/17 11:39, Peter Lebbing wrote:
> And yes, the subkey should also be revoked with reason "compromised", for the
> reason you state.

And only now the penny drops.

I suppose a system checking for ROCA might rightfully take offense at a subkey
revoked as "superseded" or "lost"[1], because with ROCA it is actually
"compromised". I never checked what GnuPG does with two revocations on a key,
the earlier a "superseded" and the later a "compromised". The only correct thing
would be to treat it as "compromised", especially because the attacker could
generate a "superseded" with an earlier timestamp after the compromise and
create the same situation. So it ought to work.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20171031/598a64d9/attachment.sig>


More information about the Gnupg-users mailing list