it seems confusing to imply that bob will necessarily distribute a third-party certification, this is only true some of the time

This commit is contained in:
Heiko Schaefer 2023-11-25 15:43:24 +01:00
parent a3b5e263e3
commit 4b9c064a8b
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB

View file

@ -207,7 +207,7 @@ Third-party signatures in OpenPGP primarily encode authentication statements for
When a signer issues a certifying signature on an identity, it indicates a verified link between the identity and the certificate. That is, the signer vouches for the connection. When a signer issues a certifying signature on an identity, it indicates a verified link between the identity and the certificate. That is, the signer vouches for the connection.
For example, Alice can certify Bob's User ID `Bob Baker <bob@example.com>` with his certificate `0xB0B`, by creating a certification signature that binds Bob's User ID and Bob's certificate. Bob then distributes Alice's certifying signature as part of his certificate. For example, Alice can certify Bob's User ID `Bob Baker <bob@example.com>` with his certificate `0xB0B`, by creating a certification signature that binds Bob's User ID and Bob's certificate. Bob can then distribute Alice's certifying signature as part of his certificate.
Other users may or may not decide to rely on Alice's statement. Other users may or may not decide to rely on Alice's statement.