improve "pitfalls of minimization" text

Heiko Schaefer 2023-12-04 00:15:01 +01:00
parent 46a6ee1b39
commit b058afec44
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB

@ -496,8 +496,8 @@ However, in a different context, the same certificate might be fetched to verify
Disadvantages/risks of minimizing certificates:
- Does not present a full view of how the certificate (and the validity of its components) evolved over time.
- As other certificates are collected, third-party certifications that were previously unusable may become usable again. Dropping third-party certifications as a part of minimization prevents this mechanism.
- A minimized certificate does not present a full view of how it (and the validity of its components) evolved over time.
- As an OpenPGP instance learns about more certificates, third-party certifications that were previously unusable may become usable. Dropping third-party certifications by unknown issuers as a part of minimization prevents this mechanism.
- Removing component keys that the minimizing implementation can't use means that the receiver does not receive a copy of those, even if *the receiver* supports them.
- Refreshing certificates from key servers may inflate the certificate again, since OpenPGP certificates tend to act as [append-only structures](append-only).
- Carelessly stripping all invalid components may make the certificate unusable. Some libraries, such as [anonaddy-sequoia](https://gitlab.com/willbrowning/anonaddy-sequoia/-/blob/master/src/sequoia.rs?ref_type=heads#L125) strip unusable encryption subkeys. However, at least one subkey is retained, even if all encryption subkeys are unusable. Even though this may leave only an expired encryption subkey in the certificate, this presents a better UX for the end-user who probably is still in possession of the private key for decryption.
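
Review bot: In the reworded second bullet, the first sentence still describes certifications "that were previously unusable" without saying why, while the second sentence now narrows the risk to certifications "by unknown issuers"; the two sentences should name the same condition. Consider stating the cause once, for example "third-party certifications that could not be validated because the issuer's certificate was not known may become usable", and replacing "prevents this mechanism" with wording that says what is lost (the certification can no longer become usable later). The new term "OpenPGP instance" should also be checked against the rest of the list, which speaks of "the minimizing implementation" and "the receiver"; if a different actor is meant here, a short definition or a link would help.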