From: Maxime Devos
Subject: bug#57091: Git authentication reports subkey fingerprints
Date: Thu, 11 Aug 2022 17:07:12 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.12.0
Apologies if I'm wildly off the mark here. But then I'd like to hear some plausible threat models. Maxime?
Here's a problem with allowing subkeys, if that's what you mean:
Expiration times might be solvable by taking the commit time of
the previous commit as 'current time' (not the commit that was
signed, otherwise an attacker could just lie). I don't know a
solution for GPG-level revocation of old subkeys but I haven't
looked either.
Another problem:
Greetings,
Maxime.
OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
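
The expiration idea in the message above, as an added Python model (not part of the original message and not Guix code): each commit's signing subkey is checked for expiry against the previous commit's time rather than its own. `Commit`, `first_rejected`, the subkey labels and all timestamps are constructed assumptions, and OpenPGP signature verification itself is left out.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Commit:
    commit_id: str
    commit_time: int  # committer timestamp (Unix seconds), chosen by the committer
    subkey: str       # constructed label standing in for a subkey fingerprint


def first_rejected(chain: List[Commit], expiry: Dict[str, Optional[int]],
                   use_parent_time: bool) -> Optional[str]:
    """Return the id of the first commit whose subkey counts as expired, else None.

    chain[0] is assumed to be an already-trusted starting commit.
    use_parent_time=True:  'current time' is the previous commit's time.
    use_parent_time=False: 'current time' is the signed commit's own time.
    """
    for parent, commit in zip(chain, chain[1:]):
        if commit.subkey not in expiry:
            return commit.commit_id  # unknown subkey: reject
        now = parent.commit_time if use_parent_time else commit.commit_time
        expires_at = expiry[commit.subkey]  # None means "never expires"
        if expires_at is not None and now >= expires_at:
            return commit.commit_id
    return None


# Constructed data: SUBKEY-A expires at t=5000, SUBKEY-B never expires.
EXPIRY = {"SUBKEY-A": 5000, "SUBKEY-B": None}
CHAIN = [
    Commit("c0", 1000, "SUBKEY-A"),  # trusted starting point
    Commit("c1", 2000, "SUBKEY-A"),  # signed while SUBKEY-A was valid
    Commit("c2", 6000, "SUBKEY-B"),  # history has moved past the expiry
    Commit("c3", 4000, "SUBKEY-A"),  # expired subkey, timestamp backdated
]

if __name__ == "__main__":
    # The commit's own timestamp lets the backdated c3 through.
    print("own time:   ", first_rejected(CHAIN, EXPIRY, use_parent_time=False))
    # The parent's timestamp is fixed before c3 is examined, so c3 is rejected.
    print("parent time:", first_rejected(CHAIN, EXPIRY, use_parent_time=True))
```

In this model the parent's time lags the real signing time by one commit, so a commit signed after expiry on top of a parent dated before expiry still passes.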