initial draft of "merging" section

2025-09-09 11:19:41 +02:00 · 2023-11-17 19:28:40 +01:00 · 2023-11-17 19:28:40 +01:00 · 3a2d8cad55
commit 3a2d8cad55
parent 83d14fa5de
1 changed files with 6 additions and 6 deletions
--- a/book/source/04-certificates.md
+++ b/book/source/04-certificates.md
@ -343,15 +343,15 @@ However, there are contexts in which implementations may prefer to handle only a
 (append-only)=
 ### Merging

+As described above, OpenPGP certificates are effectively [append-only](append-only) data structures. As part of the practical realization of this fact, OpenPGP software needs to *merge* different copies of a certificate.
+
+For example, Bob's OpenPGP system may have a local copy of Alice's certificate, and obtain a different version of Alice's certificate from a keyserver. The goal of the implementation is to add new information about Alice's certificate, if any, to the local copy. Alice may have added a new identity, replaced a subkey with a replacement subkey, or revoked some components of her certificate. Or, Alice may have revoked her certificate, signaling that she doesn't want communication partners to use that certificate anymore. All of these updates could be crucial for Bob to be aware of.
+
+Merging two versions of a certificate involves making decisions about which packets should be kept. The versions of the certificate will typically contain some packets that are identical. No duplicates of the exact same packet should be stored in the merged version of the certificate. Additionally, if the newly obtained copy contains packets that are in fact entirely unrelated to the certificate, those should not be retained (a third party may have included unrelated packets, either by mistake, or with malicious intent).
+
 - How to merge two copies of the same certificate?
 - Canonicalization

-```{admonition} TODO
-:class: warning
-
-write
-```
-
 (cert-mini)=
 ### Certificate minimization