diff --git a/book/source/23-glossary.md b/book/source/23-glossary.md index 8daeacb..4819c9a 100644 --- a/book/source/23-glossary.md +++ b/book/source/23-glossary.md @@ -24,6 +24,11 @@ Authentication Tag Authenticity See {term}`Authentication`. +Binding Signature + A {term}`signature` on a {term}`component` which links that {term}`component` to a {term}`certificate`. + + See {ref}`binding_sigs` for more. + CA See {term}`Certification Authority`. @@ -43,7 +48,9 @@ Certificate Holder A person or other entity, that holds an {term}`Transferable Secret Key` and thus is able to modify the accompanying {term}`OpenPGP Certificate`. Certification - "Third party Signature" on a certificate, making a statement about that {term}`certificate`, or an {term}`identity` in the {term}`certificate`. + A certification, in OpenPGP, is a signature that makes a statement about an {term}`identity` in a {term}`certificate`, or an entire {term}`certificate`. + + Most commonly, the term is applied to "[third-party certifications](third_party_cert)," in which an external actor indicates that they have {term}`validated` the link between an {term}`identity` and a {term}`certificate`. However, the term is also used for [self-signatures that bind identity components](bind_ident) to a {term}`certificate`. Certification Key Flag A {term}`Key Flag`, indicating that a {term}`Component Key` can be used for issuing third-party {term}`certifications`. See [](capabilities_key_flags). 
@@ -76,7 +83,9 @@ CTB See {term}`Cipher Type Byte`. Delegation - See {term}`Trust signature` + OpenPGP users can [delegate authentication decisions](delegation) to third parties, and thus rely on {term}`certifications` they issue. The remote party is then called a "{term}`trusted introducer`". + + This kind of delegation involves {term}`certifications` that include the {term}`trust signature` subpacket. Direct Key Signature A {term}`Signature` that sets preferences and advertises features applicable to an entire {term}`Certificate`. See [](direct_key_signature). @@ -85,7 +94,7 @@ Encryption Key Flag A {term}`Key Flag`, indicating that a {term}`Component Key` can be used for encrypting data. See [](capabilities_key_flags). Expiration - A mechanism by which a {term}`Component` is invalidated due to the {term}`Expiration Time` of its binding signature being older than the {term}`Reference Time` by which it is validated. + A mechanism by which a {term}`Component` is invalidated due to the {term}`Expiration Time` of its {term}`binding signature` being older than the {term}`Reference Time` by which it is validated. Expiration Date Subpacket An {term}`OpenPGP Signature Subpacket Type` which defines the {term}`Expiration Time` for an {term}`OpenPGP Signature Packet`. @@ -188,7 +197,9 @@ OpenPGP Component Key An {term}`OpenPGP Primary Key` or {term}`OpenPGP Subkey`. For an in-depth discussion see [](component_keys). OpenPGP Fingerprint - A fingerprint, that is unique for each {term}`OpenPGP Component Key`. See [](fingerprint). + An OpenPGP Fingerprint is a shorthand representation of an {term}`OpenPGP Component Key`. Fingerprints effectively act as unique identifiers. See [](fingerprint). + + The Fingerprint of the {term}`primary component key` is used as an identifier for the full {term}`OpenPGP Certificate`. OpenPGP Implementation A piece of software implementing the OpenPGP protocol (to some extend). 
@@ -203,7 +214,7 @@ OpenPGP Private Key See {term}`Transferable Secret Key`. OpenPGP Primary Key - The primary key of an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](primary_key). + An {term}`OpenPGP Component Key` that is used in the primary key role of an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](primary_key). OpenPGP Signature See {term}`OpenPGP Signature Packet`. @@ -221,7 +232,7 @@ OpenPGP Signature Type The type of an {term}`OpenPGP Signature Packet` is defined by its {term}`Signature Type ID`. See [](signature_types). OpenPGP Subkey - A subkey of an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](subkeys). + An {term}`OpenPGP Component Key` that is used in the subkey role, in an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](subkeys). Owner See {term}`Certificate Holder`. @@ -344,7 +355,12 @@ Trust Model A model by which trust between {term}`identities` associated with different {term}`OpenPGP Certificates` is created. See [](third_party_identity_certifications). Trust signature - a specific type of certification for a certificate, which marks that key as a "trusted introducer" (i.e. the party that creates the trust signature signals that they will trust certifications that the "trusted introducer" makes on certificates) + The *trust signature* subpacket on a certifying {term}`signature` is used for {term}`delegation` of {term}`authentication` decisions. With this feature, an OpenPGP user can designate a {term}`certificate` as a "{term}`trusted introducer`" and opt to rely on {term}`certifications` they issue. + +Trusted introducer + OpenPGP users can choose to rely on {term}`certifications` issued by a third party. The remote party of such a {term}`delegation` is called a "trusted introducer". + + See {ref}`delegation` for more details. TSK See {term}`Transferable Secret Key`.
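Review bot: The new Binding Signature entry (hunk @@ -24,6 +24,11) cross-references with {ref}`binding_sigs`, while the surrounding glossary entries use the empty-link form, for example "See [](capabilities_key_flags)" and "See [](fingerprint)". Suggest "See [](binding_sigs) for more." so the glossary keeps one cross-reference style, and confirm that the binding_sigs label exists, since this patch does not add it.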
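Review bot: In the rewritten Certification entry (hunk @@ -43,7 +48,9), {term}`validated` and the link targets third_party_cert and bind_ident are not defined anywhere in this patch. Please check that the glossary already has an entry that {term}`validated` resolves to and that both labels exist in the book, otherwise the build will report unresolved references. Minor: the comma in "[third-party certifications](third_party_cert)," sits inside the closing quote and reads as part of the quoted term.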
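Review bot: In the Delegation entry (hunk @@ -76,7 +83,9), "rely on {term}`certifications` they issue" has an ambiguous "they" that can be read as the OpenPGP users rather than the third parties, and "The remote party" appears without having been introduced. Suggest "and thus rely on certifications that those third parties issue. Such a third party is then called a trusted introducer." The entry links with [delegate authentication decisions](delegation) while the new Trusted introducer entry uses {ref}`delegation`; pick one form for both.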
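Review bot: In the OpenPGP Fingerprint entry (hunk @@ -188,7 +197,9), {term}`primary component key` does not match any headword visible in this glossary; the entries are "OpenPGP Primary Key" and "OpenPGP Component Key". Suggest {term}`OpenPGP Primary Key`, or add an entry for the new wording. While touching this region, the context line "(to some extend)" under OpenPGP Implementation should read "(to some extent)".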
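Review bot: The new OpenPGP Primary Key definition (hunk @@ -203,7 +214,7) makes the glossary circular: OpenPGP Component Key is defined as "An {term}`OpenPGP Primary Key` or {term}`OpenPGP Subkey`", and this entry now defines the primary key as an OpenPGP Component Key in the primary key role. Suggest rewording OpenPGP Component Key in the same patch so that it stands on its own, and let the primary key and subkey entries build on it.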
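Review bot: The OpenPGP Subkey entry (hunk @@ -221,7 +232,7) reads "used in the subkey role, in an {term}`OpenPGP Certificate`", whereas the parallel OpenPGP Primary Key entry reads "used in the primary key role of an {term}`OpenPGP Certificate`". Suggest dropping the comma and using the same construction in both, for example "used in the subkey role of an {term}`OpenPGP Certificate`".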
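Review bot: In the last hunk (@@ -344,7 +355,12), the Trust signature entry now defines a subpacket but keeps the headword "Trust signature", while the glossary names subpacket entries with the suffix, as in "Expiration Date Subpacket". Suggest renaming the headword to "Trust Signature Subpacket", or saying in the first sentence that the term refers to the subpacket and not to a signature type, since the old text described it as "a specific type of certification". The new Trusted introducer entry largely repeats the Delegation text, including "The remote party"; one sentence plus "See {term}`Delegation`" would avoid maintaining the same wording in two places.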