vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-09-09 11:19:41 +02:00
Code Issues Projects Releases Packages Wiki Activity

add another point to "minimization guidelines"

Browse source
This commit is contained in:
Heiko Schaefer 2023-12-04 00:33:48 +01:00
parent bd700e0313
commit 9ece6aa578
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
book/source/04-certificates.md
View file

@ -505,7 +505,8 @@ Disadvantages/risks of minimizing certificates:
#### Guidelines
1. Don't minimize certificates unless you have a good reason to.
2. When presenting a minimized certificate view, consider when that view needs to be updated. Ideally, minimized certificates are freshly generated, on demand (e.g. the Autocrypt header is constructed while an email is sent or composed) and the client merges all data collected.
2. When minimizing a certificate, minimize it in a way that suites your use-case. E.g., when minimizing a certificate for distribution alongside a signed software packet, make sure to include enough historical self-signatures as to not break the verification of the signed packet.
3. When presenting a minimized certificate view, consider when that view needs to be updated. Ideally, minimized certificates are freshly generated, on demand (e.g., an Autocrypt header is constructed while an email is sent or composed). The receiver is expected to typically merge all data it sees, locally.
### Fingerprints and beyond: "Naming" certificates in user-facing contexts