Impact of ROCA (CVE-2017-15361) in subkey vs. private key?

Lachlan Gunn lachlan at twopif.net
Tue Oct 31 11:56:07 CET 2017


On 2017-10-31 at 12:48, Peter Lebbing wrote:
> Having read my follow-up, do you now agree? If the subkey is revoked as
> "compromised", all is well and good?

I can't see any reason why this should be problematic.  And for
signatures that you know for sure are pre-ROCA, it makes sense to keep
the subkey around.

The only difficulty is when the owner doesn't have the secret key
anymore, and so can't re-revoke it.  Then you might want to keep it from
being disseminated further.

Thanks,
Lachlan


