From 327975fff650f952a1abd4d07e65884e5481ed48 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Wed, 29 Nov 2023 16:05:00 +0100 Subject: [PATCH 1/5] g: OpenPGP Fingerprint --- book/source/23-glossary.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/book/source/23-glossary.md b/book/source/23-glossary.md index 8daeacb..01d9dfe 100644 --- a/book/source/23-glossary.md +++ b/book/source/23-glossary.md @@ -188,7 +188,9 @@ OpenPGP Component Key An {term}`OpenPGP Primary Key` or {term}`OpenPGP Subkey`. For an in-depth discussion see [](component_keys). OpenPGP Fingerprint - A fingerprint, that is unique for each {term}`OpenPGP Component Key`. See [](fingerprint). + An OpenPGP Fingerprint is a shorthand representation of an {term}`OpenPGP Component Key`. Fingerprints effectively act as unique identifiers. See [](fingerprint). + + The Fingerprint of the {term}`primary component key` is used as an identifier for the full {term}`OpenPGP Certificate`. OpenPGP Implementation A piece of software implementing the OpenPGP protocol (to some extend). From 09c82656214a235d18afdbe522db081f691066ba Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Wed, 29 Nov 2023 16:35:30 +0100 Subject: [PATCH 2/5] g: expand primary/subkey definition, linking to the "component key" term --- book/source/23-glossary.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/book/source/23-glossary.md b/book/source/23-glossary.md index 01d9dfe..425b76b 100644 --- a/book/source/23-glossary.md +++ b/book/source/23-glossary.md @@ -205,7 +205,7 @@ OpenPGP Private Key See {term}`Transferable Secret Key`. OpenPGP Primary Key - The primary key of an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](primary_key). + An {term}`OpenPGP Component Key` that is used in the primary key role of an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](primary_key). OpenPGP Signature See {term}`OpenPGP Signature Packet`. 
@@ -223,7 +223,7 @@ OpenPGP Signature Type The type of an {term}`OpenPGP Signature Packet` is defined by its {term}`Signature Type ID`. See [](signature_types). OpenPGP Subkey - A subkey of an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](subkeys). + An {term}`OpenPGP Component Key` that is used in the subkey role, in an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](subkeys). Owner See {term}`Certificate Holder`. From 7f7df00f43a8919d4a3f9464e7a56d6810262706 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Tue, 5 Dec 2023 20:37:48 +0100 Subject: [PATCH 3/5] g: delegation/trust signature --- book/source/23-glossary.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/book/source/23-glossary.md b/book/source/23-glossary.md index 425b76b..5a12791 100644 --- a/book/source/23-glossary.md +++ b/book/source/23-glossary.md @@ -76,7 +76,9 @@ CTB See {term}`Cipher Type Byte`. Delegation - See {term}`Trust signature` + OpenPGP users can [delegate authentication decisions](delegation) to third parties, and thus rely on {term}`certifications` they issue. The remote party is then called a "{term}`trusted introducer`". + + This kind of delegation involves {term}`certifications` that include the {term}`trust signature` subpacket. Direct Key Signature A {term}`Signature` that sets preferences and advertises features applicable to an entire {term}`Certificate`. See [](direct_key_signature). 
@@ -346,7 +348,12 @@ Trust Model A model by which trust between {term}`identities` associated with different {term}`OpenPGP Certificates` is created. See [](third_party_identity_certifications). Trust signature - a specific type of certification for a certificate, which marks that key as a "trusted introducer" (i.e. the party that creates the trust signature signals that they will trust certifications that the "trusted introducer" makes on certificates) + The *trust signature* subpacket on a certifying {term}`signature` is used for {term}`delegation` of {term}`authentication` decisions. With this feature, an OpenPGP user can designate a {term}`certificate` as a "{term}`trusted introducer`" and opt to rely on {term}`certifications` they issue. + +Trusted introducer + OpenPGP users can choose to rely on {term}`certifications` issued by a third party. The remote party of such a {term}`delegation` is called a "trusted introducer". + + See {ref}`delegation` for more details. TSK See {term}`Transferable Secret Key`. From 56c9da55dbe2f057a46023bf7ff0f4dfe301c6d7 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Wed, 29 Nov 2023 21:46:47 +0100 Subject: [PATCH 4/5] g: expand "certification" definition --- book/source/23-glossary.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/book/source/23-glossary.md b/book/source/23-glossary.md index 5a12791..8bf5b10 100644 --- a/book/source/23-glossary.md +++ b/book/source/23-glossary.md 
@@ -43,7 +43,9 @@ Certificate Holder A person or other entity, that holds an {term}`Transferable Secret Key` and thus is able to modify the accompanying {term}`OpenPGP Certificate`. Certification - "Third party Signature" on a certificate, making a statement about that {term}`certificate`, or an {term}`identity` in the {term}`certificate`. + A certification, in OpenPGP, is a signature that makes a statement about an {term}`identity` in a {term}`certificate`, or an entire {term}`certificate`. + + Most commonly, the term is applied to "[third-party certifications](third_party_cert)," in which an external actor indicates that they have {term}`validated` the link between an {term}`identity` and a {term}`certificate`. However, the term is also used for [self-signatures that bind identity components](bind_ident) to a {term}`certificate`. Certification Key Flag A {term}`Key Flag`, indicating that a {term}`Component Key` can be used for issuing third-party {term}`certifications`. See [](capabilities_key_flags). From ab497ce6013386116e58f89f01d7b75cde5a6e97 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Tue, 5 Dec 2023 21:09:06 +0100 Subject: [PATCH 5/5] g: add "Binding Signature" --- book/source/23-glossary.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/book/source/23-glossary.md b/book/source/23-glossary.md index 8bf5b10..4819c9a 100644 --- a/book/source/23-glossary.md +++ b/book/source/23-glossary.md @@ -24,6 +24,11 @@ Authentication Tag Authenticity See {term}`Authentication`. +Binding Signature + A {term}`signature` on a {term}`component` which links that {term}`component` to a {term}`certificate`. + + See {ref}`binding_sigs` for more. + CA See {term}`Certification Authority`. 
@@ -89,7 +94,7 @@ Encryption Key Flag A {term}`Key Flag`, indicating that a {term}`Component Key` can be used for encrypting data. See [](capabilities_key_flags). Expiration - A mechanism by which a {term}`Component` is invalidated due to the {term}`Expiration Time` of its binding signature being older than the {term}`Reference Time` by which it is validated. + A mechanism by which a {term}`Component` is invalidated due to the {term}`Expiration Time` of its {term}`binding signature` being older than the {term}`Reference Time` by which it is validated. Expiration Date Subpacket An {term}`OpenPGP Signature Subpacket Type` which defines the {term}`Expiration Time` for an {term}`OpenPGP Signature Packet`.
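Review bot: In PATCH 1/5, the second added paragraph of the "OpenPGP Fingerprint" entry references {term}`primary component key`, but the entries visible in this series are named "OpenPGP Primary Key" and "OpenPGP Component Key". Please confirm that this term resolves, or point it at {term}`OpenPGP Primary Key`. The first added sentence also weakens the old "unique" to "effectively act as unique identifiers" without saying why. Readers use fingerprints to identify certificates, so a short clause explaining the qualifier would help.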
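Review bot: In PATCH 2/5, the new "OpenPGP Subkey" definition reads "used in the subkey role, in an {term}`OpenPGP Certificate`" with a comma, while the parallel "OpenPGP Primary Key" definition in the same commit reads "used in the primary key role of an {term}`OpenPGP Certificate`". Suggest the same construction for both ("used in the subkey role of an ...") so that the two entries read as a matched pair.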
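Review bot: In PATCH 3/5, the new "Delegation" entry switches from plural "third parties" to singular "The remote party" between its first and second sentence, and "{term}`certifications` they issue" leaves the reader to work out that "they" means the third parties rather than the delegating users. Suggest keeping one number throughout and naming the issuer explicitly. The entry also links with `[delegate authentication decisions](delegation)` while the "Trusted introducer" entry added in the same commit uses {ref}`delegation`. Pick one cross-reference style.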
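Review bot: In PATCH 3/5, the rewritten "Trust signature" entry ends with "opt to rely on {term}`certifications` they issue", where "they" can be read as the OpenPGP user or as the designated certificate. The removed text was explicit that the party creating the trust signature will trust certifications that the trusted introducer makes. Suggest "certifications that the trusted introducer issues". Also, the new heading "Trusted introducer" uses sentence case while neighbouring entries such as "Trust Model" and the "Binding Signature" entry added in PATCH 5/5 use title case.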
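Review bot: In PATCH 4/5, the added second paragraph of "Certification" links to `(third_party_cert)`, whereas the "Trust Model" entry shown as context in PATCH 3/5 links to `(third_party_identity_certifications)`. Please check that `third_party_cert` and `bind_ident` are existing labels and that the third-party link goes where intended. The same paragraph uses {term}`validated`, for which no glossary entry appears in this series, and places the comma inside the closing quote after the link ("...(third_party_cert),"), which is easy to miss when the link text is edited later.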
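Review bot: In PATCH 5/5, the new "Binding Signature" entry references {term}`component` in lower case twice, while the "Expiration" entry touched in the same commit uses {term}`Component`. Suggest one spelling that matches the glossary heading. The closing "See {ref}`binding_sigs` for more." also differs from "See {ref}`delegation` for more details." in PATCH 3/5 and from the `See [](...)` form used by most other entries. The subject line says only that "Binding Signature" is added, but the second hunk also edits "Expiration", so consider mentioning the added cross-reference in the commit message.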