From 5994b08c78a5dbc6128aaa0f5d6fb98ceecd6dd6 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Fri, 8 Dec 2023 01:15:41 +0100 Subject: [PATCH] signature precedence --- book/source/09-verification.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/book/source/09-verification.md b/book/source/09-verification.md index eac6965..1bf3097 100644 --- a/book/source/09-verification.md +++ b/book/source/09-verification.md @@ -188,15 +188,17 @@ Signatures shadow one another, based on reference time. Multiple signatures can be attached to an OpenPGP certificate or component. These signatures can contain conflicting information. -When verifying a signature that is not self-qualifying, an implementation needs to consider self-qualifying signatures on the issuer's certificate for qualification. -There may be several signatures per component. +When verifying a signature that is not self-qualifying, an implementation needs to inspect self-qualifying signatures in the issuer's certificate for qualification. The certificate may contain multiple signatures for one component. -For example, there could be multiple subkey binding signatures for one subkey. +For example, there could be multiple subkey binding signatures for one subkey. This could be the case because the expiration time in the original binding signature has expired, and the certificate holder has issued a new binding signature with an extended expiration time. -In general, for each category of signatures, only the signature with the latest creation time is considered and takes precedence. +In general, for each category of signatures (categories such as binding signatures for one particular subkey), the signature with the latest creation time takes precedence, and only that signature is considered. -Alternatively, there might be competing qualifying signatures of different types, e.g., a direct key signature and a self-certification signature on a primary User ID. -In this case, depending on how a key is "addressed," different attributes from both candidates "shadow" another. +Alternatively, there can be competing qualifying signatures of different types, e.g., a direct key signature and a self-certification signature on a primary User ID. Both of these contain metadata associated with the entire certificate. By default, the direct key signature is preferred[^conflicting-prefs] in OpenPGP version 6. + +[^conflicting-prefs]: However, the semantics of these cases are not currently fully specified, see [this discussion](https://gitlab.com/openpgp-wg/rfc4880bis/-/issues/103). + +Depending on how a certificate is "located," different metadata from possible candidate signatures "shadow" one another. The RFC [states](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-notes-on-self-signatures) that when a certificate is "located" by the OpenPGP software "via an identity", then the metadata associated with that identity takes precedence over more global metadata, such as that associated with the certificate's primary key, with a direct key signature. ```{admonition} TODO :class: warning