Add more explanation to unbound User IDs

Wiktor Kwapisiewicz 2023-11-24 13:20:55 +01:00 committed by Heiko Schaefer
parent 1684b35567
commit 87c2a65567
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB


@ -516,13 +516,11 @@ Third-party certifications are published as part of the target certificate to fa
(unbound_user_ids)=
### Adding unbound User IDs to a certificate
```{admonition} TODO
:class: warning
Some OpenPGP subsystems may add User IDs to a certificate, which are not bound to the primary key by the certificate's owner. This can be useful to store local identity information (e.g., Sequoia's public store attaches ["pet-names"][PET] to certificates, in this way).
references/links missing
```
[PET]: https://sequoia-pgp.org/blog/2023/04/08/sequoia-sq/#an-address-book-style-trust-model
Some OpenPGP subsystems may add User IDs to a certificate, which are not bound to the primary key by the certificate's owner. This can be useful to store local identity information (e.g., Sequoia's public store attaches "pet-names" to certificates, in this way).
Sequoia additionally certifies these foreign User IDs with the local trust root to facilitate authentication of certificates but marks all this additional signatures with a Non Exportable subpacket so that they are not visible when publishing the certificate e.g. on keyservers.
### Third-party certification flooding
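Review bot: "Non Exportable subpacket", in the sentence beginning "Sequoia additionally certifies these foreign User IDs", is not a subpacket name in the OpenPGP specification. The subpacket is called Exportable Certification, and a certification is made local by setting its value to false. Suggested wording: "marks these additional signatures as non-exportable (Exportable Certification subpacket set to false)". The same sentence has "all this additional signatures", which should read "these", and "e.g. on keyservers" needs a comma before "e.g.". The pet-names sentence carries the [PET] link, but the statement about certifying with the local trust root has no reference of its own, so a link for it should be added. In the pet-names sentence, the comma before "in this way" can be dropped.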