From 74710d804a84934900c5259cb77f5605b02d9d62 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Mon, 9 Oct 2023 19:19:30 +0200 Subject: [PATCH] ch4: clarify the primary key can't confer validity beyond its own --- book/source/04-certificates.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index e80769b..8d5e787 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -83,6 +83,8 @@ The "OpenPGP primary key" is a component key that serves a central role in an Op - Its fingerprint is used as the unique identifier for the full OpenPGP certificate. - It is used for lifecycle operations, such as adding or invalidating subkeys or identities in a certificate. +The validity of the primary key limits its capacity to confer validity to other components. E.g.: The primary key cannot confer an expiration time beyond its own expiration to a subkey. It can also not confer validity to components after it has been revoked. + ```{admonition} Terminology :class: note
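Review bot: The last added sentence, "It can also not confer validity to components after it has been revoked.", is ambiguous about timing. It can be read as "bindings issued after the revocation are not valid" or as "no binding, including ones issued earlier, is valid once the primary key is revoked". Since this paragraph sets the rule the rest of the chapter builds on, state which reading is meant and, if the two cases are treated differently, say so here or link to the section that covers revocation. Two smaller wording points in the same added paragraph: "E.g.:" in the middle of a paragraph reads more cleanly as "For example, the primary key cannot ...", and "It can also not" as "It also cannot". The expiration example itself is clear as written.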