reinsert reference to attested certicifications

2024-02-16 15:27:39 +01:00 · 2024-02-16 15:27:39 +01:00 · a098da14b0
parent 8a1a6026fb
commit a098da14b0
1 changed files with 2 additions and 0 deletions
--- a/book/source/adv/certificates.md
+++ b/book/source/adv/certificates.md
@ -295,6 +295,8 @@ Keyserver designs have adapted to these challenges. For example, the keys.openpg

 Furthermore, KOO, Hockeypuck keyserver software, and Sequoia's `sq` command-line tool have plans to support or already support 1pa3pc, demonstrating the community's proactive stance on enhancing certificate security. See how [KOO supports 1pa3pc](https://gitlab.com/keys.openpgp.org/hagrid/-/commit/39c0e12ac64588220d36bada6497d8396f5915b3), [Hockeypuck's statement on "HIP 1: Regaining control over public key identity with authenticated key management"](https://github.com/hockeypuck/hockeypuck/wiki/HIP-1:-Regaining-control-over-public-key-identity-with-authenticated-key-management) and [Sequoia's support](https://man.archlinux.org/man/sq-key-attest-certifications.1)).

+It's also noteworthy that the mechanism of 1pa3pc relies on the *attested certifications* signature subpacket (type ID 37), a feature presently proposed in the draft-ietf-openpgp-rfc4880bis. Although the inclusion of this specific subpacket was not within the scope of the current "crypto-refresh" work by the OpenPGP working group, there is optimism that future revisions of the standard will formally integrate this capability, further solidifying the framework for secure and controlled certificate management.
+
 (social-graph-metadata-leak)=
 ### Metadata leak of social graph