From 78b276604993a2ee563b9180db8c7923214e4c6e Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Sat, 25 Nov 2023 11:09:11 +0100 Subject: [PATCH] correct CertificationRevocation section --- book/source/08-signing_components.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/book/source/08-signing_components.md b/book/source/08-signing_components.md index ca3a96d..5d89d83 100644 --- a/book/source/08-signing_components.md +++ b/book/source/08-signing_components.md 
@@ -322,15 +322,16 @@ In addition to these subpackets, self-certifications for User IDs can include ot Since OpenPGP certificates are often distributed by the means of key servers, new signatures on a certificate are often "merged" into existing copies of the certificate locally by the recipient. This integration process means it is practically impossible to directly remove signatures or User IDs from a certificate, as there is no way to communicate the intention of packet deletion to the recipient. -To effectively mark a User ID as invalid, the user can publish a copy of their certificate with a *CertificationRevocation* signature(type `0x30`) attached to the invalidated User ID. This signature signals that the specified User ID is no longer valid or associated with the certificate holder. +To effectively mark a User ID as invalid, the user can publish a copy of their certificate with a *CertificationRevocation* signature (type `0x30`) attached to the invalidated User ID. This signature signals that the specified User ID is no longer valid or associated with the certificate holder. 
-The structure of a certification revocation is as follows: +The structure of a *CertificationRevocation* is as follows: + +| Subpacket | Area | Critical | Mandatory | Notes | +|-------------------------|--------|----------------|-------------------|-------------------------------------------------| +| Signature Creation Time | Hashed | True | True | Current time | +| Issuer Fingerprint | Hashed | True or False | Strongly Recommended | The primary key is the issuer | +| Reason for Revocation | Hashed | True | False | Determines soft or hard revocation | -| Subpacket | Area | Critical | Mandatory | Notes | -|---------------------|--------|----------------|-------------------|---------------------------------------------| -| Signature Creation Time | Hashed | True | True | Should be the current time | -| Issuer Fingerprint | Hashed | True or False | Strongly Recommended | Indicates the primary key as the issuer | -| Reason for Revocation | Hashed | True | False | Determines the nature of the revocation | For User ID revocations, the *Reason for Revocation* subpacket is crucial. A value of `0` means no specific reason, leading to a hard revocation, while `32` indicates the User ID is no longer valid, resulting in a soft revocation. Omitting the reason subpacket is also equivalent to a hard revocation.
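Review bot: the replacement table mixes value types within its boolean columns: the `Issuer Fingerprint` row has `True or False` under "Critical" and `Strongly Recommended` under "Mandatory", while every other cell in those two columns is a plain `True`/`False`. This was already the case in the removed table, so the hunk carries the inconsistency forward rather than correcting it, which is at odds with a commit titled "correct CertificationRevocation section". Suggest keeping the columns boolean (`False` under Mandatory, and a single value or "Either" under Critical) and moving the qualification into the Notes cell, e.g. `| Issuer Fingerprint | Hashed | Either | False | Strongly recommended; the primary key is the issuer |`. Separately, the new Notes text "Determines soft or hard revocation" for `Reason for Revocation` is fine, but since the following paragraph states that omitting the subpacket is treated as a hard revocation, it would help the reader to say so in the Notes cell too ("absent or `0`: hard; `32`: soft"), so the table can be read on its own.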