vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-09-10 11:49:40 +02:00
Code Issues Projects Releases Packages Wiki Activity

ch4: move certificate validity up

Browse source
This commit is contained in:
Heiko Schaefer 2023-11-22 22:31:57 +01:00
parent 04be4cd927
commit 6a14882687
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB
1 changed files with 12 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

24
book/source/04-certificates.md
View file

@ -305,6 +305,18 @@ The popular [SKS keyserver network experienced certificate flooding firsthand](h
## Advanced topics ## Advanced topics
### When are certificates valid?
- Full certificate: Primary revoked/key expired/binding signature expired,
- Subkey: Revoked/key expired/binding signature expired
- User ID: revoked, binding expired, ...
```{admonition} TODO
:class: warning
write, link to chapter 9
```
(append-only)= (append-only)=
### Certificates are effectively append-only data structures ### Certificates are effectively append-only data structures
@ -484,18 +496,6 @@ Note that regardless of the OpenPGP version, software that relies on 8-byte Key
The historical 4-byte "short Key IDs" format should not be used anywhere, anymore (finding collisions in a 32-bit keyspace has been [trivial for a long time](https://evil32.com/)). The historical 4-byte "short Key IDs" format should not be used anywhere, anymore (finding collisions in a 32-bit keyspace has been [trivial for a long time](https://evil32.com/)).
### When are certificates valid?
- Full certificate: Primary revoked/key expired/binding signature expired,
- Subkey: Revoked/key expired/binding signature expired
- User ID: revoked, binding expired, ...
```{admonition} TODO
:class: warning
write, link to chapter 9
```
(cert-freshness)= (cert-freshness)=
### Certificate freshness: Triggering updates with expiration ### Certificate freshness: Triggering updates with expiration