Impact of ROCA (CVE-2017-15361) in subkey vs. private key?

Peter Lebbing peter at
Tue Oct 31 11:48:22 CET 2017

On 31/10/17 11:45, Lachlan Gunn wrote:
> No, I don't think so

I was already writing a follow-up but was momentarily blocked on the right way
to phrase some of it :-). Our mails crossed.

Having read my follow-up, do you now agree? If the subkey is revoked as
"compromised", all is well and good?


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list