correct CertificationRevocation section

This commit is contained in:
Tammi L. Coles 2023-11-25 11:09:11 +01:00
parent 8fe5dfcf33
commit 78b2766049

View file

@ -322,15 +322,16 @@ In addition to these subpackets, self-certifications for User IDs can include ot
Since OpenPGP certificates are often distributed by the means of key servers, new signatures on a certificate are often "merged" into existing copies of the certificate locally by the recipient. This integration process means it is practically impossible to directly remove signatures or User IDs from a certificate, as there is no way to communicate the intention of packet deletion to the recipient.
To effectively mark a User ID as invalid, the user can publish a copy of their certificate with a *CertificationRevocation* signature(type `0x30`) attached to the invalidated User ID. This signature signals that the specified User ID is no longer valid or associated with the certificate holder.
To effectively mark a User ID as invalid, the user can publish a copy of their certificate with a *CertificationRevocation* signature (type `0x30`) attached to the invalidated User ID. This signature signals that the specified User ID is no longer valid or associated with the certificate holder.
The structure of a certification revocation is as follows:
The structure of a *CertificationRevocation* is as follows:
| Subpacket | Area | Critical | Mandatory | Notes |
|---------------------|--------|----------------|-------------------|---------------------------------------------|
| Signature Creation Time | Hashed | True | True | Should be the current time |
| Issuer Fingerprint | Hashed | True or False | Strongly Recommended | Indicates the primary key as the issuer |
| Reason for Revocation | Hashed | True | False | Determines the nature of the revocation |
|-------------------------|--------|----------------|-------------------|-------------------------------------------------|
| Signature Creation Time | Hashed | True | True | Current time |
| Issuer Fingerprint | Hashed | True or False | Strongly Recommended | The primary key is the issuer |
| Reason for Revocation | Hashed | True | False | Determines soft or hard revocation |
For User ID revocations, the *Reason for Revocation* subpacket is crucial. A value of `0` means no specific reason, leading to a hard revocation, while `32` indicates the User ID is no longer valid, resulting in a soft revocation. Omitting the reason subpacket is also equivalent to a hard revocation.