diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 9b328c9..8611056 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -240,7 +240,7 @@ Third-party certifications are statements by OpenPGP users who attest that they For example, Bob's OpenPGP software may issue a certification that Bob has checked that the User ID `Alice Adams ` and the certificate with the fingerprint `AAA1 8CBB 2546 85C5 8358 3205 63FD 37B6 7F33 00F9 FB0E C457 378C D29F 1026 98B3` are legitimately linked. -This presupposes that Bob knows this person who goes by "Alice Adams", and is satisfied that Alice uses the email address `alice@example.org`. Further, that Bob has verified that the certificate his OpenPGP software uses for Alice matches the certificate that Alice is using. Effectively, this verification must ensure that both users have a certificate for Alice with the same fingerprint. In OpenPGP version 6, manual comparison of the fingerprint by end users is discouraged. A replacement mechanism is still pending. The verification must use a sufficiently secure channel, for example an end-to-end encrypted video call, or an in-person meeting. +This presupposes that Bob knows this person who goes by "Alice Adams," and is satisfied that Alice uses the email address `alice@example.org`. Further, that Bob has verified that the certificate his OpenPGP software uses for Alice matches the certificate that Alice is using. Effectively, this verification must ensure that both users have a certificate for Alice with the same fingerprint. In OpenPGP version 6, manual comparison of the fingerprint by end users is discouraged. A replacement mechanism is still pending. The verification must use a sufficiently secure channel, for example, an end-to-end encrypted video call, or an in-person meeting. For more on third-party certifications, see {ref}`third_party_cert`.