was Re: PGP Key Poisoner // now "Binding one person's subkey to another person's primary key"

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Tue Aug 13 13:56:25 CEST 2019


On 12.08.2019 19:09, vedaal via Gnupg-users wrote:
> Can this really be done?
> 
> (Does not matter so much to me personally, as I grew up with v3
> keys, and even when using a V4 key, I don't generate a subkey, but
> allow all the functions (sign, encrypt. certify) to be done with the
> master key).
> 
> Does matter a lot if I can't trust the subkey of someone whom I want 
> to encrypt to.

> How real is this threat, and is it any threat at all, if simply 
> binding the subkey to a different master key, won't allow for anyone 
> else other than the 'real' owner, to decrypt messages encrypted to
> that subkey?

As you correctly point out its really not that relevant for encryption
subkeys. It does have security implementations for signing subkeys; see
[cross-certification section] for some details on that.

References:
[cross-certification section]
https://gnupg.org/faq/subkey-cross-certify.html

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190813/1105e8fd/attachment-0001.sig>


More information about the Gnupg-users mailing list