Unable to issue subkey revocation
Chris DeYoung
chd at chud.net
Mon Jun 1 08:46:46 CEST 2026
I don't claim to have anything approaching the technical expertise of
several of the people who have already addressed the issue, but
nonetheless I think I have followed the explanation reasonably well (and
I invite correction if I'm mistaken).
That said,
> No. It does not revoke the subkey.
It doesn't need to. The subkey is automatically invalid because the
primary key associated with it is invalid (revoked). Any system using
the subkey *must* check this; failure to do so means potentially
trusting an invalid key - no different than using the primary key
without checking whether it has been revoked.
It seems like you want to require that the subkey itself is also
explicitly revoked, but this is neither necessary nor required, so
failure to do so is not a bug.
Am I wrong?
Cheers,
-Chris
More information about the Gnupg-users
mailing list