From 3a2d8cad552f573ec2717e3c8367183990c8b2ee Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Fri, 17 Nov 2023 19:28:40 +0100 Subject: [PATCH] initial draft of "merging" section --- book/source/04-certificates.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 78acf4e..d329f30 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -343,15 +343,15 @@ However, there are contexts in which implementations may prefer to handle only a (append-only)= ### Merging +As described above, OpenPGP certificates are effectively [append-only](append-only) data structures. As part of the practical realization of this fact, OpenPGP software needs to *merge* different copies of a certificate. + +For example, Bob's OpenPGP system may have a local copy of Alice's certificate, and obtain a different version of Alice's certificate from a keyserver. The goal of the implementation is to add new information about Alice's certificate, if any, to the local copy. Alice may have added a new identity, replaced a subkey with a replacement subkey, or revoked some components of her certificate. Or, Alice may have revoked her certificate, signaling that she doesn't want communication partners to use that certificate anymore. All of these updates could be crucial for Bob to be aware of. + +Merging two versions of a certificate involves making decisions about which packets should be kept. The versions of the certificate will typically contain some packets that are identical. No duplicates of the exact same packet should be stored in the merged version of the certificate. Additionally, if the newly obtained copy contains packets that are in fact entirely unrelated to the certificate, those should not be retained (a third party may have included unrelated packets, either by mistake, or with malicious intent). + - How to merge two copies of the same certificate? - Canonicalization -```{admonition} TODO -:class: warning - -write -``` - (cert-mini)= ### Certificate minimization