Impact of ROCA (CVE-2017-15361) in subkey vs. private key?
Lachlan Gunn
lachlan at twopif.net
Tue Oct 31 12:06:43 CET 2017
On 2017-10-31 at 13:01, Peter Lebbing wrote:

> Revocations are done by the primary key. If the user has lost the secret
> primary, they should fetch their revocation certificate, not fool around with
> the subkeys ;-). (Incidentally, this is why you don't need revocation
> certificates for individual subkeys.)

True, though this applies to the primary key too---I was thinking of all
signatures, really. But if you consider that correct then it is only
accidentally so :)

> [1] Lachlan indicates "lost" is also treated as "signatures before revocation
> date remain valid", but I haven't checked myself.

I would recommend checking this yourself, as a quick google didn't find
it, and I haven't had a chance to do more thorough research.

Thanks,
Lachlan