edit "trust signature" text

- lean on the word "trust" as little as possible
- some clarifications
Heiko Schaefer 2023-11-25 17:06:07 +01:00
parent e49d1e69af
commit 5887bcc880
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB


@ -213,7 +213,7 @@ Other users may or may not decide to rely on Alice's statement.
### Trust signatures: delegating authentication
OpenPGP uses [*trust signature*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#trust-signature-subpacket) subpackets to delegate authentication decisions, transforming the recipient certificate into a "trusted introducer" (or a trust root) for the user. This includes specifying trust depth (or level) for transitive delegations and quantifying trust with numerical values, indicating the extent of reliance on the introducer's certifications.
OpenPGP uses [*trust signature*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#trust-signature-subpacket) subpackets to delegate authentication decisions, designating the recipient certificate as a "trusted introducer" (or a trust root) for the user. This includes specifying trust depth (or level) for transitive delegations and quantifying trust with numerical values, indicating the extent of reliance on the introducer's certifications.
Trust signature subpackets are applicable in:
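Review bot: the second sentence of the new line still reads "quantifying trust with numerical values, indicating the extent of reliance on the introducer's certifications", which works against the commit's stated goal of leaning on the word "trust" as little as possible; since the tail of the sentence already uses "reliance", consider "quantifying that reliance with numerical values" so the two halves agree. The wording swap from "transforming ... into" to "designating ... as" is an improvement, because a trust signature does not change the certificate itself, it only records the signer's decision about it.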
@ -222,11 +222,11 @@ Trust signature subpackets are applicable in:
#### Trust depth/level
The trust depth (or level) in OpenPGP signifies the extent of transitive delegation within the authentication process. It determines how far the trust can be extended from the original trusted introducer to subsequent intermediaries. Essentially, a certificate with a designated trust depth acts as a "meta-introducer," facilitating authentication decisions across multiple levels in the network.
The "trust depth" (or level) in OpenPGP signifies the extent of transitive delegation within the authentication process. It determines how far a delegation can be extended from the original trusted introducer to subsequent intermediaries. Essentially, a certificate with a trust depth of more than one acts as a "meta-introducer," facilitating authentication decisions across multiple levels in the network.
For example, a trust depth of 1 means there is direct trust in the certifications made by the trusted introducer. In this case, the user's OpenPGP software will accept certifications made directly by the introducer for authenticating identities.
A trust depth of 1 means relying on certifications made directly by the trusted introducer. The user's OpenPGP software will accept certifications made directly by the introducer for authenticating identities.
However, when the trust depth is set higher, it implies a chain of trust extending beyond the initial introducer. The user's software will recognize and accept certifications made not only by the primary introducer but also by other intermediaries whom the primary introducer trusts.
However, when the trust depth is set higher, it implies a chain of delegation extending beyond the initial introducer. The user's software will recognize and accept certifications made not only by the primary introducer but also by other intermediaries whom the primary introducer designated as trusted introducers.
This allows for a more extensive network of trusted certifications, enabling a broader and more interconnected Web of Trust.
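Review bot: the rewritten "trust depth of 1" paragraph now says "certifications made directly by the trusted introducer" and then "certifications made directly by the introducer" in consecutive sentences; the second sentence should either be merged into the first or reworded (for example, "The user's OpenPGP software will then accept the introducer's certifications when authenticating identities"). Dropping "For example" from that paragraph also leaves the following "However, when the trust depth is set higher" with nothing to contrast against; "When the trust depth is set higher" reads cleanly on its own. The change from "trust depth acts as a 'meta-introducer'" to "trust depth of more than one" is a correctness fix worth keeping: at depth 1 the certificate is only a trusted introducer, and only depths above 1 let it delegate further.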
@ -238,9 +238,9 @@ Heiko, I found the example confusing. So more text is here AND I recommend addin
#### Trust amounts
The trust amount, with a numerical value ranging from 0 to 255, quantifies the degree of trust in a delegation.
The "trust amount," with a numerical value ranging from 0 to 255, quantifies the degree of reliance on a delegation.
A higher value indicates greater trust, such as 120 for complete trust, while lower values suggest partial trust. This quantification aids OpenPGP software in determining the authentication level based on combined trust from multiple trusted introducers.
A higher value indicates greater degree of reliance. This quantification aids OpenPGP software in determining an aggregate amount of reliance, based on combined certifications from multiple trusted introducers.
```{admonition} VISUAL
:class: warning
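Review bot: removing "such as 120 for complete trust, while lower values suggest partial trust" leaves the reader with a 0 to 255 range and no scale for interpreting it; since the OpenPGP specification itself defines values below 120 as partial and 120 or above as complete, consider keeping that anchor in the new vocabulary, for example "a value of 120 or more conventionally signals complete reliance, lower values partial reliance". Separately, "indicates greater degree of reliance" is missing an article ("a greater degree of reliance"), and the comma inside the quotation marks in `The "trust amount," with` is inconsistent with the first hunk, which writes `The "trust depth" (or level)` with punctuation outside the quotes.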
@ -265,7 +265,7 @@ add diagrams?
The Web of Trust in OpenPGP is a trust model that facilitates authentication decisions through a network of certifications and delegations.[^strong-set] It is characterized by a so-called [strong set](https://en.wikipedia.org/wiki/Web_of_trust#Strong_set), which refers to a group of certificates that are robustly interconnected via third-party certifications.
In this model, users independently delegate authentication decisions, choosing whom to trust among various certificate issuers. This delegation is based on the certificates and third-party signatures available to them, with their OpenPGP software applying the Web of Trust mechanism to discern the reliability of each certificate for an identity.
In this model, users independently delegate authentication decisions, choosing whose certification to rely on. This delegation is based on the certificates and third-party signatures available to them, with their OpenPGP software applying the Web of Trust mechanism to discern the reliability of each certificate for an identity.
The OpenPGP RFC doesn't specify exactly how Web of Trust calculations are performed. It only defines the data formats on which these calculations can be performed. See external resources in {numref}`wot-resources`.
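Review bot: "choosing whose certification to rely on" should be plural, "whose certifications to rely on", since the rest of the paragraph and the preceding sections talk about multiple certifications from multiple issuers; the previous wording had this right with "various certificate issuers". The unchanged opening sentence of the section still describes the Web of Trust as "a trust model", which is fine for the proper name but could be reworded in a follow-up if the goal of this commit is applied consistently across the page.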