Impact of ROCA (CVE-2017-15361) in subkey vs. private key?

2017-10-29 Thread Shannon C
I am wondering if anyone here can definitively say whether the ROCA vulnerability (CVE-2017-15361) described here https://crocs.fi.muni.cz/public/papers/rsa_ccs17, when it occurs in a subkey, will make the private key vulnerable? I can't find anyone talking about this particular issue. Assuming that

Re: GnuPG public key vulnerability?

2017-11-02 Thread Shannon C
> > so at Facebook, we checked
> the public keys that have been uploaded to people's profiles, and notified
> people whose keys are affected

Jon, FYI your detection logic seems a bit overzealous, because (last time I checked) it detects revoked ROCA-vulnerable subkeys as making the whole public