From b058afec44aa3edf03c985ef2e3ba14a1ce70d44 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Mon, 4 Dec 2023 00:15:01 +0100 Subject: [PATCH] improve "pitfalls of minimization" text --- book/source/04-certificates.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index c63a4ce..2e750d7 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md 
@@ -496,8 +496,8 @@ However, in a different context, the same certificate might be fetched to verify Disadvantages/risks of minimizing certificates: -- Does not present a full view of how the certificate (and the validity of its components) evolved over time. -- As other certificates are collected, third-party certifications that were previously unusable may become usable again. Dropping third-party certifications as a part of minimization prevents this mechanism. +- A minimized certificate does not present a full view of how it (and the validity of its components) evolved over time. +- As an OpenPGP instance learns about more certificates, third-party certifications that were previously unusable may become usable. Dropping third-party certifications by unknown issuers as a part of minimization prevents this mechanism. - Removing component keys that the minimizing implementation can't use means that the receiver does not receive a copy of those, even if *the receiver* supports them. - Refreshing certificates from key servers may inflate the certificate again, since OpenPGP certificates tend to act as [append-only structures](append-only). - Carelessly stripping all invalid components may make the certificate unusable. Some libraries, such as [anonaddy-sequoia](https://gitlab.com/willbrowning/anonaddy-sequoia/-/blob/master/src/sequoia.rs?ref_type=heads#L125) strip unusable encryption subkeys. However, at least one subkey is retained, even if all encryption subkeys are unusable. Even though this may leave only an expired encryption subkey in the certificate, this presents a better UX for the end-user who probably is still in possession of the private key for decryption.
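Review bot: In the second added bullet, "Dropping third-party certifications by unknown issuers" is ambiguous, because "by unknown issuers" can be read as attaching to "Dropping" (who does the removal) instead of to the certifications. "Dropping third-party certifications from unknown issuers" removes that reading. The same bullet introduces "an OpenPGP instance" where the removed line only said "other certificates are collected"; if that term is not defined earlier in the chapter, define it or name the component that learns about the certificates. It would also help to say in the sentence why these certifications become usable: a certification cannot be checked until the issuer's certificate is available. In the first added bullet, "it" refers back to "A minimized certificate", but the history in question belongs to the full certificate; "how the certificate (and the validity of its components) evolved over time" keeps the original meaning.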