Revocation certificate for sub key?

adrelanos adrelanos at riseup.net
Sat Dec 14 18:01:28 CET 2013


>> This would be useful for offline master keys. Trusted persons could be
>> given the revocation certificate for sub keys and send it to key servers
>> when they suspect compromise. But should the sub key revocation
>> certificate get into the wrong hands due to compromise, the damage would
>> be limited.
> Since you still have your secure offline main key, you can revoke
> subkeys yourself... Or am I missing something?

Others may be able to do that faster.

That time advantage might result in much less damage when it comes to
important keys, such as linux distribution signing keys.



More information about the Gnupg-users mailing list