From d0b4502a4b578a35a9da45d9a49dfcfe2ef6e49f Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Tue, 28 Nov 2023 22:13:20 +0100
Subject: [PATCH] MOST implementations assume only primary-key Certification
 capable

---
 book/source/08-signing_components.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/book/source/08-signing_components.md b/book/source/08-signing_components.md
index c1fe686..20c41b4 100644
--- a/book/source/08-signing_components.md
+++ b/book/source/08-signing_components.md
@@ -52,7 +52,7 @@ Third-party signatures are used to make specific statements:
 The **certify others** [key flag](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-key-flags) (`0x01`) is required to issue third-party signatures. By convention[^primary-certification], only the certificate's primary key can hold this key flag.
 ```
 
-[^primary-certification]: Implementations currently assume that only the primary key may hold the "certify others" key flag. However, the RFC doesn't clearly specify this limitation.
+[^primary-certification]: Most implementations currently assume that only the primary key may hold the "certify others" key flag. However, the RFC doesn't clearly specify this limitation.
 
 ### Distinct functions of self-signatures and third-party signatures