mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-25 17:12:06 +01:00
clarify certification key flag limitation
This commit is contained in:
parent
e187175d65
commit
e59e70939c
1 changed files with 3 additions and 1 deletions
|
@ -49,9 +49,11 @@ Third-party signatures are used to make specific statements:
|
|||
- revoking, and thus invalidating, prior third-party signature statements
|
||||
|
||||
```{note}
|
||||
The **certify others** [key flag](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-key-flags) (`0x01`) is required to issue third-party signatures. Typically, only the certificate's primary can hold this key flag.
|
||||
The **certify others** [key flag](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-key-flags) (`0x01`) is required to issue third-party signatures. By convention[^primary-certification], only the certificate's primary can hold this key flag.
|
||||
```
|
||||
|
||||
[^primary-certification]: Implementations currently assume that only the primary key may hold the "certify others" key flag. However, the RFC doesn't clearly specify this limitation.
|
||||
|
||||
### Distinct functions of self-signatures and third-party signatures
|
||||
|
||||
The meaning of an OpenPGP signature depends significantly on its issuer. Self-signatures and third-party signatures, even when of the same [signature type](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-signature-types), serve distinct functions. For example:
|
||||
|
|
Loading…
Reference in a new issue