From 03515927b3945b2ab55b29f4f8ccb33e11f59c7f Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Tue, 5 Dec 2023 13:46:14 +0100 Subject: [PATCH 1/3] ch9: edits for clarity --- book/source/09-verification.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/09-verification.md b/book/source/09-verification.md index 168d4e0..e4b8ddb 100644 --- a/book/source/09-verification.md +++ b/book/source/09-verification.md @@ -189,7 +189,7 @@ Signatures shadow one another, based on reference time. Multiple signatures can be attached to an OpenPGP certificate or component. These signatures can contain conflicting information. When verifying a signature that is not self-qualifying, an implementation needs to consider self-qualifying signatures on the issuer's certificate for qualification. -There might be several signatures per component. +There may be several signatures per component. For example, there could be multiple subkey binding signatures for one subkey. In general, for each category of signatures, only the signature with the latest creation time is considered and takes precedence. From 4f73c0a9173e2536b2549b0ec1a34ef745f3775d Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Fri, 8 Dec 2023 00:06:40 +0100 Subject: [PATCH 2/3] minor edit --- book/source/09-verification.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/book/source/09-verification.md b/book/source/09-verification.md index e4b8ddb..eac6965 100644 --- a/book/source/09-verification.md +++ b/book/source/09-verification.md 
@@ -93,7 +93,7 @@ This is required because the issuing component key needs to be qualified to crea In short, a chain of valid signatures from the signature itself to the primary key of the issuer certificate needs to be established. -For example, a data signature over an email body may be issued by a subkey only if that subkey is validly bound to the issuer's certificate via a subkey binding signature. That binding signature needs to contain a *key flags* subpacket that marks the subkey as *signing* capable. +For example, a subkey may issue a data signature over an email body only if that subkey is validly bound to the issuer's certificate via a subkey binding signature. That binding signature needs to contain a *key flags* subpacket that marks the subkey as *signing* capable. Similarly, certification signatures over third-party certificates require the issuer key to carry a valid self-signature with the *certification* key flag. Self-qualifying signatures have no such limitations. @@ -192,6 +192,7 @@ When verifying a signature that is not self-qualifying, an implementation needs There may be several signatures per component. For example, there could be multiple subkey binding signatures for one subkey. + In general, for each category of signatures, only the signature with the latest creation time is considered and takes precedence. Alternatively, there might be competing qualifying signatures of different types, e.g., a direct key signature and a self-certification signature on a primary User ID. From 5994b08c78a5dbc6128aaa0f5d6fb98ceecd6dd6 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Fri, 8 Dec 2023 01:15:41 +0100 Subject: [PATCH 3/3] signature precedence --- book/source/09-verification.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/book/source/09-verification.md b/book/source/09-verification.md index eac6965..1bf3097 100644 --- a/book/source/09-verification.md +++ b/book/source/09-verification.md 
@@ -188,15 +188,17 @@ Signatures shadow one another, based on reference time. Multiple signatures can be attached to an OpenPGP certificate or component. These signatures can contain conflicting information. -When verifying a signature that is not self-qualifying, an implementation needs to consider self-qualifying signatures on the issuer's certificate for qualification. -There may be several signatures per component. +When verifying a signature that is not self-qualifying, an implementation needs to inspect self-qualifying signatures in the issuer's certificate for qualification. The certificate may contain multiple signatures for one component. -For example, there could be multiple subkey binding signatures for one subkey. +For example, there could be multiple subkey binding signatures for one subkey. This could be the case because the expiration time in the original binding signature has expired, and the certificate holder has issued a new binding signature with an extended expiration time. -In general, for each category of signatures, only the signature with the latest creation time is considered and takes precedence. +In general, for each category of signatures (categories such as binding signatures for one particular subkey), the signature with the latest creation time takes precedence, and only that signature is considered. -Alternatively, there might be competing qualifying signatures of different types, e.g., a direct key signature and a self-certification signature on a primary User ID. -In this case, depending on how a key is "addressed," different attributes from both candidates "shadow" another. +Alternatively, there can be competing qualifying signatures of different types, e.g., a direct key signature and a self-certification signature on a primary User ID. Both of these contain metadata associated with the entire certificate. By default, the direct key signature is preferred[^conflicting-prefs] in OpenPGP version 6. 
+ +[^conflicting-prefs]: However, the semantics of these cases are not currently fully specified, see [this discussion](https://gitlab.com/openpgp-wg/rfc4880bis/-/issues/103). + +Depending on how a certificate is "located," different metadata from possible candidate signatures "shadow" one another. The RFC [states](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-notes-on-self-signatures) that when a certificate is "located" by the OpenPGP software "via an identity", then the metadata associated with that identity takes precedence over more global metadata, such as that associated with the certificate's primary key, with a direct key signature. ```{admonition} TODO :class: warning
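Review bot: in PATCH 2/3, hunk @@ -93,7, the rewritten sentence requires the subkey to be "validly bound" but does not say at what point in time that validity is judged; since the same chapter states that signatures shadow one another based on reference time, consider adding the time explicitly, e.g. "validly bound, at the reference time of the data signature, to the issuer's certificate via a subkey binding signature", so a reader does not evaluate the binding against the current time when checking an older data signature.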
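Review bot: in PATCH 3/3, hunk @@ -188,15, the new precedence rule "the signature with the latest creation time takes precedence, and only that signature is considered" drops the qualification the hunk's own header gives ("Signatures shadow one another, based on reference time"): read literally it would also select a binding signature created after the reference time, or one that does not verify at all. Suggest "the most recent signature that is valid at the reference time takes precedence, and only that signature is considered." Also in this hunk, "the expiration time in the original binding signature has expired" mixes subjects (a time passes, a signature expires); "the original binding signature has expired" or "the expiration time set in the original binding signature has passed" reads cleaner.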