diff --git a/book/source/adv/certificates.md b/book/source/adv/certificates.md index 05ddd26..6ad448d 100644 --- a/book/source/adv/certificates.md +++ b/book/source/adv/certificates.md @@ -146,13 +146,13 @@ Additionally, specific elements of a certificate can be selectively omitted duri Through these targeted techniques, certificate minimization serves to enhance the practical usability of certificates in various environments and protect against potential security threats and privacy concerns. It strikes a careful balance, maintaining the OpenPGP trust framework while optimizing certificates for efficiency and specific operational contexts. -### Minimization in applications +### Application-specific approaches: Hagrid and GnuPG -#### Hagrid, which runs keys.openpgp.org +#### Hagrid -The [hagrid keyserver software](https://gitlab.com/keys.openpgp.org/hagrid) doesn't publish the identity components in certificates by default. This is a central aspect of the [privacy policy](https://keys.openpgp.org/about/privacy) of the service. Certificates can be uploaded to the service by third parties, which is useful. However, identifying information is only distributed by the service on an explicit opt-in basis. +[Hagrid keyserver software](https://gitlab.com/keys.openpgp.org/hagrid), operating keys.openpgp.org, adopts a privacy-centric model by not automatically publishing identity components of certificates. According to its [privacy policy](https://keys.openpgp.org/about/privacy), the service allows certificates to be uploaded by anyone, but identifying information is shared only with the certificate owner's explicit opt-in. This measure significantly contributes to user privacy and aids in minimizing certificates by default. -Separately, third-party certifications are currently filtered out by the service, to avoid flooding attacks. +Additionally, to mitigate the risk of certificate flooding, Hagrid currently filters out third-party certifications, further aligning with certificate minimization principles. #### GnuPG