mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-22 23:52:05 +01:00
Compare commits
No commits in common. "ffa24596a4e77f25a27df3c12c7fcb350a00ccde" and "ebc7530cdb3f82c9906dbc1d501adf6268417ae7" have entirely different histories.
ffa24596a4
...
ebc7530cdb
2 changed files with 10 additions and 16 deletions
|
@ -32,9 +32,7 @@ Authentication
|
||||||
The term "authentication" here is semantically different from the one used in {term}`Authentication Key Flag`.
|
The term "authentication" here is semantically different from the one used in {term}`Authentication Key Flag`.
|
||||||
|
|
||||||
Authentication Key Flag
|
Authentication Key Flag
|
||||||
A {term}`Key Flag` which indicates that a {term}`Component Key` can be used to prove control over {term}`private key material` with a challenge-response mechanism. This is typically done to log into a remote system, often using the OpenSSH protocol.
|
A {term}`Key Flag`, which indicates that a {term}`Component Key` can be used to confirm control over {term}`private key material` against a remote system. This is typically done to perform an authorative action, like logging into a system. The term "authentication" here is semantically different from {term}`Authentication`. See [](key-flags).
|
||||||
|
|
||||||
Note that the term "authentication" is used in a different context here than {term}`Authentication` of {term}`identity claims<identity claim>` that are associated with a {term}`certificate`. See [](key-flags).
|
|
||||||
|
|
||||||
Authentication Tag
|
Authentication Tag
|
||||||
See {term}`Message Authentication Code`.
|
See {term}`Message Authentication Code`.
|
||||||
|
@ -51,12 +49,12 @@ Binary Signature
|
||||||
Binding
|
Binding
|
||||||
The process of creating a {term}`Binding Signature` for a {term}`Component`, or the resulting {term}`Binding Signature`.
|
The process of creating a {term}`Binding Signature` for a {term}`Component`, or the resulting {term}`Binding Signature`.
|
||||||
|
|
||||||
See [](binding-signatures) for more.
|
See {ref}`binding-signatures` for more.
|
||||||
|
|
||||||
Binding Signature
|
Binding Signature
|
||||||
A {term}`self-signature` on a {term}`component` which associates that {term}`component` to the issuing {term}`component key` in a {term}`certificate<OpenPGP Certificate>`.
|
A {term}`self-signature` on a {term}`component` which associates that {term}`component` to the issuing {term}`component key` in a {term}`certificate<OpenPGP Certificate>`.
|
||||||
|
|
||||||
See [](binding-signatures) for more.
|
See {ref}`binding-signatures` for more.
|
||||||
|
|
||||||
CA
|
CA
|
||||||
See {term}`Certification Authority`.
|
See {term}`Certification Authority`.
|
||||||
|
@ -227,10 +225,6 @@ Identity
|
||||||
|
|
||||||
Identity Certification
|
Identity Certification
|
||||||
An {term}`OpenPGP Signature Packet` on an {term}`Identity Component` which {term}`certifies<Certification>` its {term}`authenticity<Authentication>`.
|
An {term}`OpenPGP Signature Packet` on an {term}`Identity Component` which {term}`certifies<Certification>` its {term}`authenticity<Authentication>`.
|
||||||
|
|
||||||
Identity certifications can be issued either:
|
|
||||||
- by the certificate holder, as a {term}`self-signature`, or
|
|
||||||
- by a third party, as a {term}`third-party identity certifications<Third-party Identity Certification>`.
|
|
||||||
|
|
||||||
Identity Claim
|
Identity Claim
|
||||||
A {term}`Certificate Holder` may use {term}`Identity Components<Identity Component>` or {term}`Notations<Notation>` to state a claim about their {term}`Identity`.
|
A {term}`Certificate Holder` may use {term}`Identity Components<Identity Component>` or {term}`Notations<Notation>` to state a claim about their {term}`Identity`.
|
||||||
|
@ -307,7 +301,7 @@ Life-cycle Management
|
||||||
See [](self-signatures).
|
See [](self-signatures).
|
||||||
|
|
||||||
Literal Data Packet
|
Literal Data Packet
|
||||||
A {term}`packet` which contains the plaintext data of an encrypted and/or signed message. See [RFC 5.9](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#lit) for more details.
|
A packet which contains the plaintext data of an encrypted and/or signed message. See [RFC 5.9](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#lit) for more details.
|
||||||
|
|
||||||
MAC
|
MAC
|
||||||
See {term}`Message Authentication Code`.
|
See {term}`Message Authentication Code`.
|
||||||
|
@ -318,10 +312,10 @@ Master Key
|
||||||
Message Authentication Code
|
Message Authentication Code
|
||||||
A piece of information used for integrity and {term}`authenticity<Authentication>` verification of a message. See [](message-authentication-code).
|
A piece of information used for integrity and {term}`authenticity<Authentication>` verification of a message. See [](message-authentication-code).
|
||||||
|
|
||||||
Meta Introducer
|
Meta-Introducer
|
||||||
An {term}`OpenPGP Certificate` that acts as a {term}`Trusted introducer` and has a {term}`Trust Depth` greater than one.
|
An {term}`OpenPGP Certificate` with a {term}`Trust Depth` greater than one.
|
||||||
|
|
||||||
A meta introducer can introduce other (meta-) {term}`introducers<Trusted introducer>`.
|
A meta-introducer can introduce other (meta-) introducers.
|
||||||
|
|
||||||
Metadata
|
Metadata
|
||||||
Data related to preferences of an {term}`OpenPGP Certificate` or its {term}`Certificate Holder`, that can be found in {term}`signature` {term}`packets<Packet>`. See [](metadata-in-certificates).
|
Data related to preferences of an {term}`OpenPGP Certificate` or its {term}`Certificate Holder`, that can be found in {term}`signature` {term}`packets<Packet>`. See [](metadata-in-certificates).
|
||||||
|
@ -574,7 +568,7 @@ Signature Type
|
||||||
See {term}`OpenPGP Signature Type`.
|
See {term}`OpenPGP Signature Type`.
|
||||||
|
|
||||||
Signature Type ID
|
Signature Type ID
|
||||||
A numerical identifier for a {term}`Signature Type<OpenPGP Signature Type>`.
|
A numerical identifier for a {term}`Signature Type`.
|
||||||
|
|
||||||
Signature Verification
|
Signature Verification
|
||||||
In cryptography the mechanism of verification relates to a process in which a claim (i.e., a {term}`signature`) is tested (i.e., using the relevant {term}`components<Component>` of a {term}`certificate`).
|
In cryptography the mechanism of verification relates to a process in which a claim (i.e., a {term}`signature`) is tested (i.e., using the relevant {term}`components<Component>` of a {term}`certificate`).
|
||||||
|
@ -672,7 +666,7 @@ Trust Signature
|
||||||
Trusted introducer
|
Trusted introducer
|
||||||
OpenPGP users can choose to rely on {term}`certifications<Certification>` issued by a third party. The remote party of such a {term}`delegation` is called a "trusted introducer".
|
OpenPGP users can choose to rely on {term}`certifications<Certification>` issued by a third party. The remote party of such a {term}`delegation` is called a "trusted introducer".
|
||||||
|
|
||||||
See [](delegation) for more details.
|
See {ref}`delegation` for more details.
|
||||||
|
|
||||||
TSK
|
TSK
|
||||||
See {term}`Transferable Secret Key`.
|
See {term}`Transferable Secret Key`.
|
||||||
|
|
|
@ -241,7 +241,7 @@ OpenPGP uses [*trust signature*](https://www.ietf.org/archive/id/draft-ietf-open
|
||||||
(trust-level)=
|
(trust-level)=
|
||||||
#### Trust depth/level
|
#### Trust depth/level
|
||||||
|
|
||||||
The "{term}`trust depth`" (or {term}`level<Trust Depth>`) in OpenPGP signifies the extent of transitive {term}`delegation` within the {term}`authentication` process. It determines how far a {term}`delegation` can be extended from the original {term}`trusted introducer` to subsequent intermediaries. Essentially, a {term}`certificate<OpenPGP Certificate>` with a {term}`trust depth` of more than one acts as a "{term}`meta introducer`," facilitating {term}`authentication` decisions across multiple levels in the network.
|
The "{term}`trust depth`" (or {term}`level<Trust Depth>`) in OpenPGP signifies the extent of transitive {term}`delegation` within the {term}`authentication` process. It determines how far a {term}`delegation` can be extended from the original {term}`trusted introducer` to subsequent intermediaries. Essentially, a {term}`certificate<OpenPGP Certificate>` with a {term}`trust depth` of more than one acts as a "{term}`meta-introducer`," facilitating {term}`authentication` decisions across multiple levels in the network.
|
||||||
|
|
||||||
A {term}`trust depth` of 1 means relying on {term}`certifications<Certification>` made directly by the {term}`trusted introducer`. The user's OpenPGP software will accept {term}`certifications<Certification>` made directly by the {term}`introducer<Trusted Introducer>` for {term}`authenticating<Authentication>` identities.
|
A {term}`trust depth` of 1 means relying on {term}`certifications<Certification>` made directly by the {term}`trusted introducer`. The user's OpenPGP software will accept {term}`certifications<Certification>` made directly by the {term}`introducer<Trusted Introducer>` for {term}`authenticating<Authentication>` identities.
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue