ch4: clarify the primary key can't confer validity beyond its own

This commit is contained in:
Heiko Schaefer 2023-10-09 19:19:30 +02:00
parent fd2469e0e4
commit 74710d804a
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D

View file

@ -83,6 +83,8 @@ The "OpenPGP primary key" is a component key that serves a central role in an Op
- Its fingerprint is used as the unique identifier for the full OpenPGP certificate. - Its fingerprint is used as the unique identifier for the full OpenPGP certificate.
- It is used for lifecycle operations, such as adding or invalidating subkeys or identities in a certificate. - It is used for lifecycle operations, such as adding or invalidating subkeys or identities in a certificate.
The validity of the primary key limits its capacity to confer validity to other components. E.g.: The primary key cannot confer an expiration time beyond its own expiration to a subkey. It can also not confer validity to components after it has been revoked.
```{admonition} Terminology ```{admonition} Terminology
:class: note :class: note