From 55396e845218671f1bae2ac0d5c95e2d379c8bce Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 9 Nov 2023 17:29:26 +0100 Subject: [PATCH] Attribute shadowing --- book/source/09-verification.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/book/source/09-verification.md b/book/source/09-verification.md index 2f0cc30..bbc7f7c 100644 --- a/book/source/09-verification.md +++ b/book/source/09-verification.md @@ -76,7 +76,14 @@ On the other hand, in order to verify a data signature over a text document, an ### Attribute Shadowing -TODO +When determining preferences of a key, different signatures can be inspected. +For example, when using a signing subkey to generate a data signature, the implementation might want to check for hash algorithm preferences on the subkey binding signature. +At the same time, the specification states, that signature subpackets on the direct-key signature of the OpenPGP keys primary key apply to the whole key (therefore also to the signing subkey). + +In this case, the implementation uses the preferences from the subkey binding signature, but if no such subpacket is found on the latest binding signature, it falls back to the preferences of the direct-key signature. +This is called attribute shadowing, since direct-key signature subpackets apply to all subkeys, but are shadowed by binding signature subpackets. + +Note: Attribute shadowing should only be used for algorithm preferences, since there are subpacket types where shadowing makes no sense (e.g. key expiration time subpackets). ### Revocations
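Review bot: The second added paragraph, "the specification states, that signature subpackets on the direct-key signature of the OpenPGP keys primary key apply to the whole key", has a stray comma after "states" and needs a possessive; suggest "the specification states that signature subpackets on the direct-key signature of the OpenPGP key's primary key apply to the whole key (and therefore also to the signing subkey)". The closing "Note:" says shadowing makes no sense for key expiration time subpackets but gives no reason; a clause stating that a subkey's expiration is a property of its own binding signature rather than a preference to inherit would make the rule actionable for implementers. The fallback paragraph also leaves open what happens when neither the latest binding signature nor the direct-key signature carries the subpacket; one sentence stating the behaviour in that case (for example, treating the preference as absent) would close the gap.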