diff --git a/book/source/09-verification.md b/book/source/09-verification.md index 33edf6a..22c731f 100644 --- a/book/source/09-verification.md +++ b/book/source/09-verification.md @@ -44,7 +44,7 @@ A signature is valid only for a constrained period of time: When checking a signature for validity, a reference time is used. This can be the current time during validation, or a point in time that relates to the signature that is getting checked. For example, when checking a signature in an email, the reference time might be the signature creation time, or the time of receipt for the email. -For the signature to qualify as valid, it needs to be effective. In other words, the reference time must fall into the period between signature creation and signature expiration. +For the signature to qualify as valid, it needs to be in effect. In other words, the reference time must fall into the period between signature creation and signature expiration. The same reference time must be used when verifying additional qualifying signatures. @@ -94,8 +94,8 @@ Note: Attribute shadowing should only be used for algorithm preferences, since t ### Signature shadowing -When inspecting signatures on a component of an OpenPGP certificate, only the newest, effective signature for each function is considered. -In other words; If there are three binding signatures `A, B, C` for a subkey, where `A` was created at `t0`, `B` at `t1` and `C` at `t3` with `t0 < t1 < t2 < t3`, at `t2` an implementation only needs to consider `B`, as `C` is not yet effective. `A` is shadowed, because it is older than `B`. +When inspecting signatures on a component of an OpenPGP certificate, of the signatures that are in effect for each function, only the newest is considered. +In other words; If there are three binding signatures `A, B, C` for a subkey, where `A` was created at `t0`, `B` at `t1` and `C` at `t3` with `t0 < t1 < t2 < t3`, at `t2` an implementation only needs to consider `B`, as `C` is not yet in effect. `A` is shadowed, because it is older than `B`. ```{figure} drawio/cert-validity-subkey.png