vanitasvitae
/
openpgp-notes
mirror of https://codeberg.org/openpgp/notes.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

remove unnecessary punctuation

This commit is contained in:
Tammi L. Coles 2024-02-10 13:02:35 +01:00
parent c831fdeb34
commit 0d87ddefba
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
book/source/adv/certificates.md
View File

@ -137,7 +137,7 @@ Certificate minimization involves selectively filtering out components of a cert
The strategy behind certificate minimization focuses on creating a streamlined certificate by removing elements not required for its specific application. This approach not only boosts operational efficiency and client software performance but also safeguards OpenPGP communications against various threats. By filtering which components to retain or omit, the process can serve distinct purposes:
- **Omitting unnecessary components**: In contexts such as email encryption, only the keys necessary for encryption, signing, and certification are retained, excluding those like authentication subkeys that are irrelevant to the primary use-case.
- **Omitting third-party certifications**: Proactively filtering these out upon import can prevent the overload of a certificate with excessive certifications, a common tactic in ["certificate flooding,"](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html) that is designed to render a certificate unusable. This is particularly relevant when certificates grow organically large, to the point that user software [encounters difficulties handling them](https://www.reddit.com/r/GnuPG/comments/bp23p4/my_key_is_too_large/).
- **Omitting third-party certifications**: Proactively filtering these out upon import can prevent the overload of a certificate with excessive certifications, a common tactic in [certificate flooding](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html) that is designed to render a certificate unusable. This is particularly relevant when certificates grow organically large, to the point that user software [encounters difficulties handling them](https://www.reddit.com/r/GnuPG/comments/bp23p4/my_key_is_too_large/).
Additionally, specific elements of a certificate can be selectively omitted during the minimization process to tailor the certificate to its use-case, improve manageability, and ensure software compatibility: