s/user ID/User ID/

Paul Schaub 2023-10-03 11:29:38 +02:00 committed by Heiko Schaefer
parent be5fff67ab
commit c5ba06dc78
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D

@ -45,9 +45,9 @@ A certification made by a key over components of the same certificate is referre
The **C**certify Others key flag is not required in order to issue self-certifications.
It is only necessary to issue valid third-party certifications.
:::
A typical use-case for a self-certification is to attach a user ID, such as a name and email address to a certificate.
This is done by calculating the signature over the user ID and the public primary key.
The resulting user ID certification (typically type 0x13, potentially type 0x10-0x12) can then be inserted into the certificate, right after the user ID packet.
A typical use-case for a self-certification is to attach a User ID, such as a name and email address to a certificate.
This is done by calculating the signature over the User ID and the public primary key.
The resulting User ID certification (typically type 0x13, potentially type 0x10-0x12) can then be inserted into the certificate, right after the User ID packet.
Other examples for self-signatures are binding signatures for subkeys.
In order to add an OpenPGP subkey to a certificate, a subkey binding signature is calculated over the public primary key, followed by the public subkey.
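Review bot: In the rewritten sentence "attach a User ID, such as a name and email address to a certificate", the aside opened by the comma after "User ID" is never closed. Since the line is being touched anyway, add a comma after "email address". The unchanged context line at the top of this hunk also reads "**C**certify Others", which renders with a doubled "c" and should be "**C**ertify Others".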
@ -55,15 +55,15 @@ The resulting subkey binding signature (type 0x18) can then be inserted into the
If the subkey itself is intended to be used as a **S**igning key, an extra step is required.
To prevent an attacker from being able to "adopt" a victims signing subkey and then being able to claim to be the origin of signatures in fact made by victim, subkey binding signatures for signing subkeys need to include an embedded "back signature" (formally known as primary key binding signature) made by the signing key itself.
Certifications over user IDs can also be used to certify certificates of third-parties.
If Alice is certain that `Bob Baker <bob@example.com>` controls the key 0xB0B, she can create a user ID certification signature for that identity and send it to Bob.
Certifications over User IDs can also be used to certify certificates of third-parties.
If Alice is certain that `Bob Baker <bob@example.com>` controls the key `0xB0B`, she can create a User ID certification signature for that identity and send it to Bob.
Bob can then add this signature to his certificate.
TODO: More WoT.
Another important category of signatures are revocations.
A revocation is used to retract the statement formed by a prior signature.
A subkey revocation signature revokes a prior subkey binding signature, while a certification revocation revokes a certification signature.
Typical use-cases for revocations are marking certificates or individual subkeys as unusable, or marking user IDs as no longer used.
Typical use-cases for revocations are marking certificates or individual subkeys as unusable, or marking User IDs as no longer used.
## Signature Subpackets
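Review bot: The Alice/Bob line changes more than the capitalisation named in the commit subject, because it also wraps 0xB0B in backticks. Either mention that formatting change in the commit message or move it to its own commit, so the s/user ID/User ID/ substitution stays mechanical to review. The context sentence about back signatures in the same hunk has "a victims signing subkey" and "made by victim", which should read "a victim's signing subkey" and "made by the victim", and the "TODO: More WoT." line is still carried along unchanged.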