I mean yes — that’s the point. If untrusted parties have access to your keys, it’s already game over. You’ve lost. Disabling them is the nicest thing an attacker can do for you.
Not really: it depends on the permissions assigned to the keys.
I wouldn’t like to wake up to an email that says “your key has been disabled because someone anonymously reported is as leaked, sorry if this has broken your entire system”.
What do you do with this, outside of obviously quarantining and/or disabling the key? How was it leaked? What’s the context?
orf|2 years ago
I wouldn’t like to wake up to an email that says “your key has been disabled because someone anonymously reported is as leaked, sorry if this has broken your entire system”.
What do you do with this, outside of obviously quarantining and/or disabling the key? How was it leaked? What’s the context?
blackoil|2 years ago