From 1dfe9001870aca96f8fcf0e8dce2a7c9c70171d6 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Mon, 4 Dec 2023 00:04:06 +0100 Subject: [PATCH] clarify --- book/source/04-certificates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 1168fb7..0c0a087 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -479,7 +479,7 @@ Many certificates can be significantly pruned if the only goal of distributing t Such minimization might be appropriate and convenient to enable encrypted communication with a ProtonMail client, which automatically fetches OpenPGP certificates via WKD while composing a message. The ProtonMail use case requires only component keys, not third-party certifications, and it doesn't require historical component keys or self-signatures. -However, in a different context, the same certificate might be fetched to verify the authenticity of a signature. In that case, third-party certifications may be crucial for the client. Stripping them could prevent the client from performing Web of Trust calculations and authenticating the signature. +However, in a different context, the same certificate might be fetched to verify the authenticity of a signature. In that case, third-party certifications may be crucial for the client. Stripping them could prevent the client from performing Web of Trust calculations and verifying the authenticity of the certificate. [^space-example]: The following fragment processes an example certificate. It drops any subkey that is not valid at the time of export (because of revocation or expiration), and any third-party certifications. Additionally, authentication subkeys are stripped, since they are irrelevant for email: