From c05d0394f2ae6ab39dbd04583db2bb81560d1d85 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Wed, 22 Nov 2023 19:21:55 +0100 Subject: [PATCH] Clarification from Paul via #121 --- book/source/04-certificates.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index d800c8a..9961d32 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -410,7 +410,9 @@ In addition, GnuPG offers two explicit methods for certificate minimization, des Some implementations, such as Sequoia, prefer to rely on the full historical set of self-signatures to construct a view of the certificate over time. This way, signatures can be verified at different reference times. In this model, removing superseded self-signatures can cause problems with the validation of historical signature. -An example for the tension between minimization and nuanced verification of the [temporal validity](temporal-validity) of signatures can be seen in the case of [rpm-sequoia](https://github.com/rpm-software-management/rpm-sequoia/issues/50#issuecomment-1689642607). To handle the limited availability of historical self-signatures on certificates in the wild, the rpm-sequoia implementation was adjusted to accept self-signatures that predate the existing self-signature for the signing key. +An example for the tension between minimization and nuanced verification of the [temporal validity](temporal-validity) of signatures can be seen in the case of [rpm-sequoia](https://github.com/rpm-software-management/rpm-sequoia/issues/50#issuecomment-1689642607). To handle the limited availability of historical self-signatures on certificates in the wild, the rpm-sequoia implementation was adjusted to accept binding self-signatures that predate the current self-signature of the primary key[^primary-self-sig]. + +[^primary-self-sig]: Which in OpenPGP version 4 is often a primary User ID binding signature. #### Autocrypt