From 87c2a655675b4f420839190f39bd9a7fb366460c Mon Sep 17 00:00:00 2001 From: Wiktor Kwapisiewicz Date: Fri, 24 Nov 2023 13:20:55 +0100 Subject: [PATCH] Add more explanation to unbound User IDs --- book/source/04-certificates.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 9d681b8..868679e 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -516,13 +516,11 @@ Third-party certifications are published as part of the target certificate to fa (unbound_user_ids)= ### Adding unbound User IDs to a certificate -```{admonition} TODO -:class: warning +Some OpenPGP subsystems may add User IDs to a certificate, which are not bound to the primary key by the certificate's owner. This can be useful to store local identity information (e.g., Sequoia's public store attaches ["pet-names"][PET] to certificates, in this way). -references/links missing -``` +[PET]: https://sequoia-pgp.org/blog/2023/04/08/sequoia-sq/#an-address-book-style-trust-model -Some OpenPGP subsystems may add User IDs to a certificate, which are not bound to the primary key by the certificate's owner. This can be useful to store local identity information (e.g., Sequoia's public store attaches "pet-names" to certificates, in this way). +Sequoia additionally certifies these foreign User IDs with the local trust root to facilitate authentication of certificates but marks all this additional signatures with a Non Exportable subpacket so that they are not visible when publishing the certificate e.g. on keyservers. ### Third-party certification flooding
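Review bot: The last added paragraph ("Sequoia additionally certifies these foreign User IDs ...") has a grammar slip and names the subpacket loosely. "marks all this additional signatures" should read "all these additional signatures". "a Non Exportable subpacket" does not match the OpenPGP name: the subpacket is Exportable Certification, and a signature is non-exportable when it is set to false. Suggested wording: "marks all these additional certifications as non-exportable (Exportable Certification subpacket set to false), so that they are not included when the certificate is exported, e.g., to keyservers". Two smaller points: in the first added paragraph the comma in "to certificates, in this way" can be dropped, and the `[PET]:` link definition may sit better at the end of the section than between the two paragraphs, if that is the convention in the rest of the chapter.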