mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-27 01:52:06 +01:00
ch8: add clarifications
This commit is contained in:
parent
67ee9bfbe7
commit
fd0f0fe713
1 changed files with 2 additions and 2 deletions
|
@ -66,9 +66,9 @@ This key flag is only necessary to issue valid third-party certifications.
|
|||
|
||||
One important class of self-signatures are revocations.
|
||||
|
||||
A revocation is used to retract the statement formed by a prior signature.
|
||||
A revocation signature is used to retract the statement formed by a prior signature.
|
||||
A subkey revocation signature revokes a prior subkey binding signature, while a certification revocation revokes a certification signature.
|
||||
Typical use-cases for revocations are marking certificates or individual subkeys as unusable, or marking User IDs as no longer used.
|
||||
Typical use-cases for revocations are marking certificates or individual subkeys as unusable (for example, when the private key has been compromised or superseded), or marking User IDs as no longer used.
|
||||
|
||||
A revocation signature can either be hard or soft. A soft revocation of a certificate invalidates it from the revocation signature's creation time onwards. This means signatures issued before the revocation remain intact. A hard revocation, by contrast, invalidates the certificate retroactively, rendering all issued signatures invalid, regardless of creation time. Soft revocations are typically used whenever a key or User ID is retired or superseded gracefully, while hard revocations can, for example, signal compromise of secret key material.
|
||||
|
||||
|
|
Loading…
Reference in a new issue