ch4: move certificate validity up

Heiko Schaefer 2023-11-22 22:31:57 +01:00
parent 85b96564a8
commit e72f9311ec
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB

@ -238,9 +238,20 @@ The popular [SKS keyserver network experienced certificate flooding firsthand](h
This section needs to be written
```
## Advanced topics
### When are certificates valid?
- Full certificate: Primary revoked/key expired/binding signature expired,
- Subkey: Revoked/key expired/binding signature expired
- User ID: revoked, binding expired, ...
```{admonition} TODO
:class: warning
write, link to chapter 9
```
(append-only)=
### Certificates are effectively append-only data structures
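Review bot: The three bullets under "### When are certificates valid?" list conditions that make a component invalid, while the heading asks when it is valid. Now that this placeholder sits directly under "## Advanced topics", a short lead sentence stating that a component stops being valid in the listed cases would keep the outline from reading backwards. In the first bullet, "binding signature expired" does not say which signature is meant for the certificate as a whole. The list also mixes "Revoked" and "revoked", ends the first bullet with a trailing comma, and leaves "..." in the third; these are worth tidying while the text is being moved.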
@ -419,18 +430,6 @@ Note that regardless of the OpenPGP version, software that relies on 8-byte Key
The historical 4-byte "short Key IDs" format should not be used anywhere, anymore (finding collisions in a 32-bit keyspace has been [trivial for a long time](https://evil32.com/)).
### When are certificates valid?
- Full certificate: Primary revoked/key expired/binding signature expired,
- Subkey: Revoked/key expired/binding signature expired
- User ID: revoked, binding expired, ...
```{admonition} TODO
:class: warning
write, link to chapter 9
```
(cert-freshness)=
### Certificate freshness: Triggering updates with expiration
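Review bot: The heading "### When are certificates valid?" carries no label target, unlike the neighbouring `(append-only)=` and `(cert-freshness)=` sections, and after this removal it no longer sits directly before the freshness section that discusses expiration. Consider giving the moved heading a label in the same commit, so that the freshness section can point back to the validity outline and the "link to chapter 9" TODO has a stable anchor to work with.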