openpgp-notes/book/source/06-signatures.md


(signatures_chapter)=
# Signatures as "statements"
```
- Purpose of a signature
- Meaning of different signature types, nuances of subpackets
- Can we have a "catalogue" of statements a user might want to make, mapping these to archetypical signatures?
- Revocation; Hard vs. Soft
```
## Certifications (third party signatures on keys)

A certification is a machine-readable statement about a (public) key, made by a third party.

In OpenPGP, certifications are implemented as
[Signature Packets](https://datatracker.ietf.org/doc/html/rfc4880#section-5.2).
More specifically, certifications in OpenPGP are usually modelled as "third party binding signatures".

Typically, certifications in OpenPGP work like this: Alice checks that a key `0x1234...` belongs to Bob, who uses the
email address `bob@example.org`. After making sure that the key `0x1234...` and the digital identity `bob@example.org`
are meaningfully linked, she creates a certification stating that the key and the identity are linked.

Such a certification can serve two purposes:

1) Alice's OpenPGP software can now reason about Bob's key, and thus show that `0x1234...` is a good key to use for
interacting with `bob@example.org`.
2) Other parties can observe Alice's certification and derive some amount of confidence in Bob's key from it.
For example, Carol might not easily be able to check if `0x1234...` is Bob's key, but she might consider Alice's
certification for Bob's key sufficient evidence.

Carol may decide to systematically rely on Alice's certifications. Then we say that Carol uses Alice as a
"trusted introducer". That is, Carol *delegates* part of her authentication decisions to Alice.
### Regular certifications

A regular certification is a cryptographic statement that binds a User ID and a key (via its fingerprint) together.

Its SignatureType is one of `GenericCertification`, `PersonaCertification`, `CasualCertification`, `PositiveCertification`.
### Trust signatures (using a key as "trusted introducer")

A "trust signature" has two additional parameters: a `depth` and a `level`.
#### Alternative model: direct key signatures for pure delegation

This is useful for using 0xB as a trusted introducer without asserting that 0xB is Bob
(when a tsig is on a User ID, it is necessarily *also* a vouch about the binding).

The logical place to store a tsig that is not also a vouch about a binding is a direct key signature
(however, GnuPG probably does not respect such tsigs).

The [OpenPGP Web of Trust](https://sequoia-pgp.gitlab.io/sequoia-wot/) spec allows such direct key signatures.

The SignatureType is `DirectKey`.
In Sequoia, roughly (the trust signature arguments below are placeholder values):
```rust
// Direct key signature over the signee's primary key, carrying a Trust Signature
// subpacket: a pure delegation that does not vouch for any User ID binding.
// sign_direct_key() requires the builder's type to be DirectKey (or KeyRevocation).
let sig = SignatureBuilder::new(SignatureType::DirectKey)
    .set_trust_signature(1, 120)? // (level/depth, amount); placeholder values
    .sign_direct_key(&mut your_signer, signee_cert.primary_key().key())?;
```
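To make the reasoning in this chapter concrete (Alice certifying Bob's binding, Carol delegating to Alice as a trusted introducer, a trust signature's depth limiting how far delegation reaches, and a direct key signature delegating without vouching for any binding), here is an added stand-alone model of that evaluation. It is example code written for these notes, not code from the notes, from Sequoia or from the Web of Trust spec. It performs no cryptography: the types `Certification`, the functions `authenticate` and `sample_certifications`, and the labels `CAROL`, `ALICE`, `0x1234` and `0xDAVE` are all constructed for the illustration. Amounts from distinct paths are summed and capped at 120, which is a simplification of real Web-of-Trust evaluation (it does not guard against double-counting shared edges).

```rust
use std::collections::HashSet;

/// One certification, i.e. a third-party signature over a key (hypothetical model).
/// `user_id == None` models a direct key signature; `Some(uid)` a signature over
/// the (key, User ID) binding. `trust` is the Trust Signature subpacket, written
/// as (depth, amount) following the naming used in these notes.
#[derive(Clone, Debug)]
pub struct Certification {
    pub certifier: &'static str,
    pub subject: &'static str,
    pub user_id: Option<&'static str>,
    pub trust: Option<(u8, u8)>,
}

/// Amount at which a binding counts as fully authenticated (120, the usual OpenPGP value).
pub const FULL: u32 = 120;

/// Confidence `root` can derive for the binding (`key`, `user_id`) from `certs`.
/// Amounts from distinct paths add up and are capped at FULL (a simplification).
pub fn authenticate(certs: &[Certification], root: &str, key: &str, user_id: &str) -> u32 {
    let mut on_path = HashSet::new();
    on_path.insert(root);
    walk(certs, root, u8::MAX, FULL, key, user_id, &mut on_path).min(FULL)
}

fn walk<'a>(
    certs: &'a [Certification],
    introducer: &'a str,
    remaining_depth: u8, // delegation hops that may still be followed from here
    amount: u32,         // smallest trust amount seen along the current path
    key: &str,
    user_id: &str,
    on_path: &mut HashSet<&'a str>,
) -> u32 {
    let mut total = 0;
    for c in certs.iter().filter(|c| c.certifier == introducer) {
        // A certification over the binding in question contributes the amount that
        // reached this introducer; a tsig over a User ID is also such a vouch.
        if c.subject == key && c.user_id == Some(user_id) {
            total += amount;
        }
        // A trust signature lets us continue through c.subject as an introducer,
        // but only while depth allows: depth 1 means "may certify bindings", each
        // further level allows one more delegation hop. A direct key signature
        // (user_id == None) carrying a tsig delegates without vouching for a binding.
        if let Some((depth, tsig_amount)) = c.trust {
            if depth >= 1 && remaining_depth >= 1 && !on_path.contains(c.subject) {
                on_path.insert(c.subject);
                let next_depth = (depth - 1).min(remaining_depth - 1);
                let next_amount = amount.min(u32::from(tsig_amount));
                total += walk(certs, c.subject, next_depth, next_amount, key, user_id, on_path);
                on_path.remove(c.subject);
            }
        }
    }
    total
}

/// Constructed sample graph following the story in these notes. Carol's tsig on
/// Alice's key is a direct key signature with the given depth and amount.
pub fn sample_certifications(carol_depth: u8, carol_amount: u8) -> Vec<Certification> {
    vec![
        // Carol delegates to Alice without asserting who Alice's key belongs to.
        Certification { certifier: "CAROL", subject: "ALICE", user_id: None, trust: Some((carol_depth, carol_amount)) },
        // Alice vouches for Bob's binding and also names him an introducer (tsig on the User ID).
        Certification { certifier: "ALICE", subject: "0x1234", user_id: Some("bob@example.org"), trust: Some((1, 120)) },
        // Bob certifies Dave's binding with a regular certification.
        Certification { certifier: "0x1234", subject: "0xDAVE", user_id: Some("dave@example.org"), trust: None },
    ]
}

fn main() {
    let certs = sample_certifications(1, 120);
    println!("Carol on bob@example.org:   {}", authenticate(&certs, "CAROL", "0x1234", "bob@example.org"));
    println!("Carol on dave@example.org:  {}", authenticate(&certs, "CAROL", "0xDAVE", "dave@example.org"));
    println!("Carol on alice@example.org: {}", authenticate(&certs, "CAROL", "ALICE", "alice@example.org"));
    let deeper = sample_certifications(2, 60);
    println!("Carol (depth 2, amount 60) on dave@example.org: {}", authenticate(&deeper, "CAROL", "0xDAVE", "dave@example.org"));
}
```

With depth 1 Carol reaches Bob's binding through Alice but not Dave's, because Alice may certify bindings but not introduce further introducers; raising the depth to 2 lets Alice's tsig on Bob be followed, and the amount 60 on Carol's tsig caps everything derived through Alice at partial trust. The direct key signature on Alice's key never authenticates any User ID for Alice, which is exactly the "pure delegation" case above.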