ch4: add todo notes

This commit is contained in:
Heiko Schaefer 2023-10-10 16:26:31 +02:00
parent d1203075d1
commit 1aa4696f3e
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D

View file

@ -721,7 +721,22 @@ The subkey packet above by itself is disconnected from the OpenPGP certificate t
The type of signature that is used for this is called a *subkey binding signature*, because it "binds" (as in "connects") the subkey to the rest of the key. The type of signature that is used for this is called a *subkey binding signature*, because it "binds" (as in "connects") the subkey to the rest of the key.
In addition to its core purpose of making the connection, this signature also contains additional metadata about the subkey. One reason why this metadata is in a binding signature (and not in the subkey packet) is that it may change over time. The subkey packet itself may not change over time. So metadata about the subkey that can change is stored in self-signatures: if the key holder wants to change some metadata (for example, the key's expiration time), they can issue a newer version of the same kind of signature. Receiving OpenPGP software will then understand that the newer self-signature supercedes the older signature, and that the metadata in the newer signature reflects the most current intent of the key holder. ```{admonition} VISUAL
:class: warning
Add detailed packet diagram analogous to 4.6.1
```
```{admonition} TODO
:class: warning
david points out: "The information on metadata in binding signatures may also make sense in other contexts (direct key signature)?"
Should this text go elsewhere?
- 4.2.3?
- ch 6?
```
In addition to its core purpose of making the connection, this signature also contains additional metadata about the subkey. One reason why this metadata is in a binding signature (and not in the subkey packet) is that it may change over time. The subkey packet itself may not change over time. So metadata about the subkey that can change is stored in self-signatures: if the key holder wants to change some metadata (for example, the key's expiration time), they can issue a newer version of the same kind of signature. Receiving OpenPGP software will then understand that the newer self-signature supersedes the older signature, and that the metadata in the newer signature reflects the most current intent of the key holder.
Note that this subkey binding signature packet is quite similar to the Direct Key Signature we discussed packet above. Both signatures perform the same function in terms of adding metadata to a component key. In particular, the hashed subpacket data contains many of the same pieces of metadata. Note that this subkey binding signature packet is quite similar to the Direct Key Signature we discussed packet above. Both signatures perform the same function in terms of adding metadata to a component key. In particular, the hashed subpacket data contains many of the same pieces of metadata.
@ -808,6 +823,12 @@ The signature is calculated over a hash. The hash, in this case, is calculated o
### Signing subkey ### Signing subkey
```{admonition} TODO
:class: warning
write
```
```text ```text
$ sq packet dump --hex alice.priv-6--SecretSubkey $ sq packet dump --hex alice.priv-6--SecretSubkey
Secret-Subkey Packet, new CTB, 2 header bytes + 75 bytes Secret-Subkey Packet, new CTB, 2 header bytes + 75 bytes