mirror of
https://codeberg.org/openpgp/notes.git
synced 2025-09-10 19:59:40 +02:00
Merge pull request 'various small ch2 edits' (#151) from heiko-ch2 into draft
Reviewed-on: https://codeberg.org/openpgp/notes/pulls/151
commit
18e12545c6
1 changed files with 5 additions and 3 deletions
|
@ -7,7 +7,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0
|
||||||
|
|
||||||
## Why OpenPGP?
|
## Why OpenPGP?
|
||||||
|
|
||||||
OpenPGP is a widely recognized, IETF-standardized set of cryptographic operations. It is broadly used in securing communications, for example, in encrypted text messages and email, and enjoys a vast ecosystem of libraries, tools, and community support forums. Moreover, its robustness and versatility has made OpenPGP a security choice for other use cases in which encryption is important. These include file transfer applications, password managers, and secure data storage.
|
OpenPGP is a widely recognized, IETF-standardized set of cryptographic operations. It is broadly used in securing communications, like encrypted messages and email, and ensuring the integrity of software packages in most Linux distributions. It enjoys a vast ecosystem of libraries, tools, and community support forums. Moreover, its robustness and versatility have made OpenPGP a security choice for other use cases in which encryption and integrity are important. These include file transfer applications, password managers, secure data storage, and signing source code in git repositories.
|
||||||
|
|
||||||
There are other compelling reasons for why you might consider using OpenPGP in your project:
|
There are other compelling reasons for why you might consider using OpenPGP in your project:
|
||||||
|
|
||||||
|
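Review bot: in the rewritten first paragraph, the new clause "ensuring the integrity of software packages in most Linux distributions" follows "used in securing communications, like ..." without repeating the preposition, so it reads as one more example of communications; "and in ensuring the integrity ..." would separate the two uses. The paragraph now says only "integrity" for package signing and git signing; since both are signature use cases, "integrity and authenticity" describes them more completely. "most Linux distributions" is an unsupported quantifier as written; add a reference or soften it to "many".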
@ -55,7 +55,7 @@ Because the GnuPG program binary is called "gpg," "GnuPG" and "gpg" are often us
|
||||||
|
|
||||||
In 2007, the IETF published [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880), which defines version 4 OpenPGP artifacts. As of late 2023, version 4 is the most commonly used version.
|
In 2007, the IETF published [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880), which defines version 4 OpenPGP artifacts. As of late 2023, version 4 is the most commonly used version.
|
||||||
|
|
||||||
An extension for Elliptic Curve Cryptography was defined in [RFC 6637](https://www.rfc-editor.org/rfc/rfc6637).
|
An extension for Elliptic Curve Cryptography was defined in [RFC 6637](https://www.rfc-editor.org/rfc/rfc6637), specifying the use of three NIST prime field curves.
|
||||||
|
|
||||||
Some implementations explored other non-standardized extensions. Notably, algorithms based on Curve 25519 were tentatively defined in the [rfc4880bis](https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#name-elliptic-curve-cryptography) document. These algorithms are widely used, even though rfc4880bis has never been finalized as a new version of the standard.
|
Some implementations explored other non-standardized extensions. Notably, algorithms based on Curve 25519 were tentatively defined in the [rfc4880bis](https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#name-elliptic-curve-cryptography) document. These algorithms are widely used, even though rfc4880bis has never been finalized as a new version of the standard.
|
||||||
|
|
||||||
|
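Review bot: the clause added to the RFC 6637 sentence says "three NIST prime field curves" without naming them; listing the curve names inline would save the reader a trip to the RFC and sharpen the contrast with the Curve 25519 paragraph that follows. Minor style point: this line links RFC 6637 at www.rfc-editor.org while the RFC 4880 link directly above uses datatracker.ietf.org; pick one host for RFC links.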
@ -66,7 +66,7 @@ Today, multiple implementations of OpenPGP play important roles:
|
||||||
|
|
||||||
- Proton Mail, which provides email encryption services for a large number of users, uses and maintains [OpenPGP.js](https://openpgpjs.org/) as well as [GopenPGP](https://gopenpgp.org/), an OpenPGP wrapper library written in golang.
|
- Proton Mail, which provides email encryption services for a large number of users, uses and maintains [OpenPGP.js](https://openpgpjs.org/) as well as [GopenPGP](https://gopenpgp.org/), an OpenPGP wrapper library written in golang.
|
||||||
- The Mozilla Thunderbird email software uses [RNP](https://www.rnpgp.org/), a C++ implementation of OpenPGP.
|
- The Mozilla Thunderbird email software uses [RNP](https://www.rnpgp.org/), a C++ implementation of OpenPGP.
|
||||||
- The RPM Package Manager software includes an OpenPGP backend based on [Sequoia PGP](https://sequoia-pgp.org/), a modern OpenPGP implementation written in Rust. The Fedora operating system, Fedora Linux 38, [uses Sequoia PGP in rpm](https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/).
|
- The RPM Package Manager software includes an OpenPGP backend based on [Sequoia PGP](https://sequoia-pgp.org/), a modern OpenPGP implementation written in Rust. The Fedora Linux operating system [uses Sequoia PGP in rpm](https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/) since version 38.
|
||||||
|
|
||||||
(interop_section)=
|
(interop_section)=
|
||||||
### Interoperability
|
### Interoperability
|
||||||
|
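Review bot: in the reworded Fedora sentence, present-tense "uses" does not agree with "since version 38"; prefer "has used Sequoia PGP in rpm since version 38" or "uses Sequoia PGP in rpm as of version 38". Keeping the whole verb phrase inside the link text also makes the tense fix slightly awkward, so consider linking only "Sequoia PGP in rpm".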
@ -96,6 +96,8 @@ Significant support for OpenPGP version 6 has already been achieved for multiple
|
||||||
- [PGPy](https://github.com/dkg/PGPy/tree/dkg/crypto-refresh),
|
- [PGPy](https://github.com/dkg/PGPy/tree/dkg/crypto-refresh),
|
||||||
- [Sequoia PGP](https://gitlab.com/sequoia-pgp/sequoia/-/tree/crypto-refresh).
|
- [Sequoia PGP](https://gitlab.com/sequoia-pgp/sequoia/-/tree/crypto-refresh).
|
||||||
|
|
||||||
|
Initial efforts to incorporate support for OpenPGP version 6 have been undertaken in the PGPainless and RNP implementations.
|
||||||
|
|
||||||
### Post-quantum cryptography in OpenPGP
|
### Post-quantum cryptography in OpenPGP
|
||||||
|
|
||||||
There is [ongoing work](https://datatracker.ietf.org/doc/draft-wussler-openpgp-pqc/) to standardize and add support for post-quantum public-key algorithms in OpenPGP. This project is funded by the [german "BSI"](https://en.wikipedia.org/wiki/Federal_Office_for_Information_Security). Goals include adding support for post-quantum cryptography to Thunderbird and GnuPG. A [presentation](https://datatracker.ietf.org/meeting/113/materials/slides-113-openpgp-a-post-quantum-approach-for-openpgp-00) was given at [IETF 113](https://datatracker.ietf.org/meeting/113/session/openpgp/).
|
There is [ongoing work](https://datatracker.ietf.org/doc/draft-wussler-openpgp-pqc/) to standardize and add support for post-quantum public-key algorithms in OpenPGP. This project is funded by the [german "BSI"](https://en.wikipedia.org/wiki/Federal_Office_for_Information_Security). Goals include adding support for post-quantum cryptography to Thunderbird and GnuPG. A [presentation](https://datatracker.ietf.org/meeting/113/materials/slides-113-openpgp-a-post-quantum-approach-for-openpgp-00) was given at [IETF 113](https://datatracker.ietf.org/meeting/113/session/openpgp/).
|
||||||
|
|
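Review bot: the new sentence about PGPainless and RNP carries no links, while the list entries directly above it (PGPy, Sequoia PGP) each point at a crypto-refresh branch; link the corresponding branches or tracking issues so the claim can be checked. "Initial efforts ... have been undertaken" will also go stale quickly: add a date qualifier in the style of "As of late 2023" used in the RFC 4880 paragraph, and consider the active form "PGPainless and RNP have begun adding support for OpenPGP version 6".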