On 2017-10-31 at 12:39, Peter Lebbing wrote:
> To clarify, do you agree if I reword the paragraph you contest as:
>
> But, I agree that the reverse is not true: a compromised subkey does not
> compromise the primary key in any way I can think of. And systems
> checking for ROCA should not reject a certificate because there is
> something wrong with an already revoked subkey.
>
> The only change is in the last word :-).

No, I don't think so---even if the subkey is revoked, there is nothing stopping me from factoring its public key and then signing all kinds of documents with a backdated timestamp.

I guess if I'm running the test myself then I can go ahead and ignore signatures from that subkey, but ideally the key would actually be marked as compromised.

Thanks,
Lachlan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users