mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-30 03:22:06 +01:00
ch4: make links for "more on this below" pointers
This commit is contained in:
parent
8bf3440373
commit
fd2469e0e4
1 changed files with 10 additions and 2 deletions
|
@ -93,7 +93,7 @@ In the RFC, the OpenPGP primary key is also sometimes referred to as "top-level
|
||||||
|
|
||||||
In addition to the primary key, modern OpenPGP certificates usually contain a number of "subkeys" (however, it's not technically necessary for a certificate to contain subkeys).
|
In addition to the primary key, modern OpenPGP certificates usually contain a number of "subkeys" (however, it's not technically necessary for a certificate to contain subkeys).
|
||||||
|
|
||||||
Subkeys have the same structure as the primary key, but they are used in a different role. Subkeys are cryptographically linked with the primary key (more on this below).
|
Subkeys have the same structure as the primary key, but they are used in a different role. Subkeys are cryptographically linked with the primary key (more on this in {numref}`binding_subkeys`).
|
||||||
|
|
||||||
```{figure} diag/Subkeys.png
|
```{figure} diag/Subkeys.png
|
||||||
:name: Certificate with Subkeys
|
:name: Certificate with Subkeys
|
||||||
|
@ -140,8 +140,14 @@ OpenPGP certificates can contain any number of User IDs
|
||||||
|
|
||||||
One User ID in a certificate has the special property of being the [Primary User ID](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-primary-user-id).
|
One User ID in a certificate has the special property of being the [Primary User ID](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-primary-user-id).
|
||||||
|
|
||||||
User IDs are associated with preference settings (such as preferred encryption algorithms, more on this below). The preferences associated with the Primary User ID are used by default.
|
User IDs are associated with preference settings (such as preferred encryption algorithms, more on this in {numref}`zooming_in_user_id`). The preferences associated with the Primary User ID are used by default.
|
||||||
|
|
||||||
|
```{admonition} TODO
|
||||||
|
:class: warning
|
||||||
|
|
||||||
|
i think crypto-refresh suggests that the direct key signature should hold the default preferences?
|
||||||
|
we might need to write a more nuanced text here, about how DKS and primary user id interact in v6, and mention the differences to v4?
|
||||||
|
```
|
||||||
|
|
||||||
#### User attributes
|
#### User attributes
|
||||||
|
|
||||||
|
@ -172,6 +178,7 @@ Note, though, that there are some cases where third parties legitimately add "un
|
||||||
|
|
||||||
[^flooding]: Storing third-party identity certifications in the target OpenPGP certificate is convenient for consumers: it is easy to find all relevant certifications in one central location. However, when third parties can unilaterally add certifications, this opens an avenue for denial-of-service attacks by flooding. The SKS network of OpenPGP key servers [allowed and experienced this problem](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html).
|
[^flooding]: Storing third-party identity certifications in the target OpenPGP certificate is convenient for consumers: it is easy to find all relevant certifications in one central location. However, when third parties can unilaterally add certifications, this opens an avenue for denial-of-service attacks by flooding. The SKS network of OpenPGP key servers [allowed and experienced this problem](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html).
|
||||||
|
|
||||||
|
(binding_subkeys)=
|
||||||
#### Binding subkeys to an OpenPGP certificate
|
#### Binding subkeys to an OpenPGP certificate
|
||||||
|
|
||||||
Linking a subkey to an OpenPGP certificate is done with a ["Subkey Binding Signature"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#sigtype-subkey-binding). Such a signature signals that the "primary key wants to be associated with the subkey".
|
Linking a subkey to an OpenPGP certificate is done with a ["Subkey Binding Signature"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#sigtype-subkey-binding). Such a signature signals that the "primary key wants to be associated with the subkey".
|
||||||
|
@ -852,6 +859,7 @@ Signature Packet, new CTB, 3 header bytes + 325 bytes
|
||||||
00000140 a6 73 c8 33 5a 9c d9 0a
|
00000140 a6 73 c8 33 5a 9c d9 0a
|
||||||
```
|
```
|
||||||
|
|
||||||
|
(zooming_in_user_id)=
|
||||||
### User ID
|
### User ID
|
||||||
|
|
||||||
User IDs are a mechanism for attaching *identities* to an OpenPGP certificate. Traditionally, User IDs contain a string that combines a name and an email address.
|
User IDs are a mechanism for attaching *identities* to an OpenPGP certificate. Traditionally, User IDs contain a string that combines a name and an email address.
|
||||||
|
|
Loading…
Reference in a new issue