vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-09-10 11:49:40 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add more explanation to unbound User IDs

Browse source
This commit is contained in:
Wiktor Kwapisiewicz 2023-11-24 13:20:55 +01:00
parent c1a0c15168
commit c1fd344a9e
1 changed files with 3 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

8
book/source/04-certificates.md
View file

@ -450,10 +450,8 @@ Third-party certifications are published as part of the target certificate to fa
(unbound_user_ids)= (unbound_user_ids)=
### Adding unbound User IDs to a certificate ### Adding unbound User IDs to a certificate
```{admonition} TODO Some OpenPGP subsystems may add User IDs to a certificate, which are not bound to the primary key by the certificate's owner. This can be useful to store local identity information (e.g., Sequoia's public store attaches ["pet-names"][PET] to certificates, in this way).
:class: warning
references/links missing [PET]: https://sequoia-pgp.org/blog/2023/04/08/sequoia-sq/#an-address-book-style-trust-model
```
Some OpenPGP subsystems may add User IDs to a certificate, which are not bound to the primary key by the certificate's owner. This can be useful to store local identity information (e.g., Sequoia's public store attaches "pet-names" to certificates, in this way). Sequoia additionally certifies these foreign User IDs with the local trust root to facilitate authentication of certificates but marks all this additional signatures with a Non Exportable subpacket so that they are not visible when publishing the certificate e.g. on keyservers.