diff --git a/book/source/08-signing_components.md b/book/source/08-signing_components.md index 526be8b..885295b 100644 --- a/book/source/08-signing_components.md +++ b/book/source/08-signing_components.md @@ -6,22 +6,28 @@ SPDX-License-Identifier: CC-BY-SA-4.0 (component_signatures_chapter)= # Signatures on components -In this chapter, we'll consider OpenPGP signatures that apply to components. That is, signatures that apply to: +In this chapter, we'll look into OpenPGP signatures that apply to components of certificates. That is, signatures that apply to: -- Component keys (primary keys or subkeys), or +- Component keys (primary keys or subkeys) and - Identity components (User IDs or User attributes). -This chapter adds a lot of detail to the material we discussed in the {ref}`certificates_chapter` chapter. Signatures on components are a crucial mechanism for forming OpenPGP certificates (which combine component keys and identities, via signatures on those components). +This chapter adds detail to material we discussed in the {ref}`certificates_chapter` chapter. Signatures on components are a crucial mechanism for forming OpenPGP certificates and . -Additionally, signatures on components play a crucial role for authentication of identities. Mechanisms for decentralized authentication are one of OpenPGP's core strengths, we'll look into how they work. +## Self-signatures: Forming certificates and life-cycle management -Finally, signatures on components are also a central mechanism for life-cycle management of OpenPGP certificates and their components. This includes defining or changing expiration dates, or issuing revocations, for certificates or their components. +*Self-signatures* are issued by the certificate's owner, using the primary key of the same certificate. + +Signatures on components are also a central mechanism for life-cycle management of OpenPGP certificates and their components. This includes defining or changing expiration dates, or issuing revocations, for certificates or their components. + +## Third-party certifications: Encoding authentication + +Additionally, signatures on components play a crucial role in the authentication of identities. Mechanisms for decentralized authentication are one of OpenPGP's core strengths, we'll look into how they work. ## Self-signatures and third-party signatures There are two important scenarios to distinguish: -- *Self-signatures*: Issued by the certificate's owner, using the primary key of the same certificate. + - *Third-party signatures*: Issued by a key that is part of a different certificate. ### Meaning differs between self- and third-party signatures