From 9ece6aa5786da6dac149f79bba173c14098b8e21 Mon Sep 17 00:00:00 2001
From: Heiko Schaefer <heiko@schaefer.name>
Date: Mon, 4 Dec 2023 00:33:48 +0100
Subject: [PATCH] add another point to "minimization guidelines"

---
 book/source/04-certificates.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md
index 055547e..d470156 100644
--- a/book/source/04-certificates.md
+++ b/book/source/04-certificates.md
@@ -505,7 +505,8 @@ Disadvantages/risks of minimizing certificates:
 #### Guidelines
 
 1. Don't minimize certificates unless you have a good reason to.
-2. When presenting a minimized certificate view, consider when that view needs to be updated. Ideally, minimized certificates are freshly generated, on demand (e.g. the Autocrypt header is constructed while an email is sent or composed) and the client merges all data collected.
+2. When minimizing a certificate, minimize it in a way that suites your use-case. E.g., when minimizing a certificate for distribution alongside a signed software packet, make sure to include enough historical self-signatures as to not break the verification of the signed packet.
+3. When presenting a minimized certificate view, consider when that view needs to be updated. Ideally, minimized certificates are freshly generated, on demand (e.g., an Autocrypt header is constructed while an email is sent or composed). The receiver is expected to typically merge all data it sees, locally.
 
 ### Fingerprints and beyond: "Naming" certificates in user-facing contexts