Impact of ROCA (CVE-2017-15361) in subkey vs. private key?
lachlan at twopif.net
Tue Oct 31 11:56:07 CET 2017
Le 2017-10-31 à 12:48, Peter Lebbing a écrit :
> Having read my follow-up, do you now agree? If the subkey is revoked as
> "compromised", all is well and good?
I can't see any reason why this should be problematic. And for
signatures that you know for sure are pre-ROCA, it makes sense to keep
the subkey around.
The only difficulty is when the owner doesn't have the secret key
anymore, and so can't re-revoke it. Then you might want to keep it from
being disseminated further.
More information about the Gnupg-users