move example texts into diagram notes

Heiko Schaefer 2023-11-25 17:26:36 +01:00
parent 5887bcc880
commit 127f36162c
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB


@ -233,7 +233,11 @@ This allows for a more extensive network of trusted certifications, enabling a b
```{admonition} VISUAL
:class: warning
Heiko, I found the example confusing. So more text is here AND I recommend adding a visual to illustrate it, using your former example.
Illustrate with diagram(s). Notes for diagrams:
When Alice delegates trust decisions to Trent, designating Trent as a trusted introducer with a *trust depth* of 1, then Alice's OpenPGP implementation will only accept direct certifications by Trent. For example, Trent may have certified that Bob's certificate with the fingerprint `0xB0B` is legitimately connected to Bob's User ID `Bob <bob@example.org>`. If Alice tries to communicate with Bob using his identity `Bob <bob@example.org>`, then Alice's OpenPGP software can automatically determine that the certificate `0xB0B` is appropriate to use.
However, Alice's OpenPGP software wouldn't accept a series of delegations from Trent via Tristan to a certification of Carol's identity (let's imagine that Trent has designated Tristan a trusted introducer). For Alice's OpenPGP software to accept such a path, she needs to designate Trent as a trusted introducer with the `level` set to 2 or more.
```
#### Trust amounts
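Review bot: The two example paragraphs in this admonition name the same parameter differently: the first says Trent is designated "with a *trust depth* of 1", the second says Alice needs "the `level` set to 2 or more". A reader drawing the diagram from these notes cannot tell that both refer to one value. Pick one term, or introduce the other once (for example "a trust depth (`level`) of 1"). The parenthetical explaining that Trent has designated Tristan a trusted introducer also arrives after the path "from Trent via Tristan" is already used; moving that premise to the start of the second paragraph would make the chain easier to follow.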
@ -245,7 +249,11 @@ A higher value indicates greater degree of reliance. This quantification aids Op
```{admonition} VISUAL
:class: warning
add diagrams? @heiko -- yes, using the examples that I removed
Illustrate with diagram(s). Notes for diagrams:
If Alice designates Trent as a trusted introducer at a trust amount of 120, then Alice's OpenPGP software will consider Bob's identity fully authenticated if Trent has certified it.
However, if Alice only assigns a trust amount of 60 (which indicates "partial trust") to Trent, then her software would not consider Bob's identity fully authenticated. Now let's imagine that Alice additionally assigns a trust amount of 60 to Tristan (a second, independent introducer), and Tristan also certified Bob's identity. In this case, Alice's OpenPGP software will consider Bob's identity fully authenticated, based on the combination of both delegations, and the certifications the two trusted introducers issued.
```
#### Limiting delegation scope
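Review bot: The second example paragraph depends on two trust amounts of 60 combining to reach the 120 used in the first paragraph, but the note never states that rule; it only says the result is "based on the combination of both delegations". State explicitly how the partial amounts are combined and which value counts as full authentication, so the diagram can label it. The tense also shifts in "Tristan also certified Bob's identity" next to "Trent has certified it"; "Tristan has also certified" would match.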
@ -257,7 +265,9 @@ With this mechanism, for example, it is possible to delegate authentication deci
```{admonition} VISUAL
:class: warning
add diagrams?
Illustrate with diagram(s). Notes for diagrams:
For example, Alice could delegate trust decisions only for email addresses in the domain `bob.com` to Bob, if she considers Bob to be a reasonable source of identity certifications for that domain.
```
(wot)=
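Review bot: The scoping example uses `bob.com`, which is a registrable real-world domain, while the earlier example in this file identifies Bob as `Bob <bob@example.org>`. Use a reserved example domain here as well (for instance `example.org`) so the notes stay consistent and do not point at a third party's domain. The note would also be more useful for a diagram if it named one identity that falls outside the delegated domain and said that a certification for it by Bob is not accepted.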