mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-27 01:52:06 +01:00
Move conflict-related changes to conflicts and duplication section
This commit is contained in:
parent
f04987df80
commit
c80678e8f1
1 changed files with 5 additions and 4 deletions
|
@ -85,14 +85,15 @@ By marking the expiration date subpacket as critical, the user can indicate, tha
|
|||
Sections 5.2.3.11 - 5.2.3.36 give guidance on which subpackets are usually marked as critical.
|
||||
|
||||
### Potential conflicts and duplication
|
||||
|
||||
Since the hashed and unhashed areas of a signature are just lists of subpackets, in principle they allow duplicates of the same subpacket, which might lead to conflicts.
|
||||
Therefore, packets in the hashed area take precendence over the unhashed area.
|
||||
However, there may still be conflicts between packets in the same area, e.g. two conflicting expiration dates, etc.
|
||||
The specification recommends that implementations favor the last occurence of a conflicting packet.
|
||||
The specification recommends that implementations favor the last occurence of a conflicting packet in the hashed area.
|
||||
|
||||
In some cases, duplicate packets with conflicting content even make sense, e.g. if a signature was made by a version 6 issuer key whose key material was migrated from an older OpenPGP version such as v4.
|
||||
In this case, the v4 key could be used to validate the v6 signature, but since the fingerprint and key ID calculation scheme was changed between v4 and v6, these identifiers would differ.
|
||||
Therefore, the signature could contain two sets of issuer fingerprint and isuer key ID subpackets with conflicting, but correct values.
|
||||
In some cases, duplicate packets with conflicting content even make sense, e.g. if a signature was made by a version 4 issuer key whose key material was migrated from an older OpenPGP version such as v3.
|
||||
In this case, either the v3 or v4 key could be used to validate the v4 signature, but since the key ID calculation scheme was changed between v3 and v4, these identifiers would differ.
|
||||
Therefore, the signature could contain two isuer key ID subpackets with conflicting, but correct values.
|
||||
|
||||
```{admonition} TODO
|
||||
:class: warning
|
||||
|
|
Loading…
Reference in a new issue