Add input from Wiktor

book/source/04-certificates.md

@@ -13,11 +13,11 @@ First, without additional context, the word "key" can refer either to public, or
 
 Independent of the distinction between private and public keys, in OpenPGP, the term "key" is used to refer to three different layers, all related but distinct:
 
-- A (bare) "cryptographic key" (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`.
-- An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consist of a (bare) cryptographic keypair combined some invariant metadata (e.g. key creation time).
-- An "OpenPGP key", or "OpenPGP certificate": Consists of a number of component keys plus additional elements, such as identity information. (OpenPGP "key servers" serve this type of object).
+1. A (bare) "cryptographic key" (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`.
+2. An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consist of a (bare) cryptographic keypair combined some invariant metadata (e.g. key creation time).
+3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys plus additional elements, such as identity information. (e.g. OpenPGP "key servers" serve this type of object).
 
-In the following section, we'll look at these different layers.
+In the following section, we'll look at two OpenPGP-specific layers (2 and 3).
 
 
 ## Structure of OpenPGP certificates
@@ -30,7 +30,7 @@ An OpenPGP certificate (or "OpenPGP key") is a collection of an arbitrary number
 
 All elements of an OpenPGP certificate are structured around one central element: the *OpenPGP primary key*. The primary key acts as a personal CA for the key's owner: It can make cryptographic statements about subkeys, identities, expiration times, revocation, ...
 
-Note that OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidatedm, over the lifetime of a certificate
+Note that OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidated, over the lifetime of a certificate
 
 ### OpenPGP component keys
 
@@ -58,7 +58,7 @@ Besides a cryptographic keypair, an OpenPGP component key contains additional me
 An OpenPGP component key
 ```
 
-For each OpenPGP component key, an *OpenPGP fingerprint* can be derived from the combination of the public key material and metadata:
+For each OpenPGP component key, an *OpenPGP fingerprint* can be derived from the combination of the public key material and creation timestamp (plus additional algorithm parameters, for [ECDH Keys](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-algorithm-specific-part-for-ecd)):
 
 ```{figure} diag/fingerprint.png
 ---
@@ -77,12 +77,13 @@ The "OpenPGP primary key" has the same structure as all other component keys. Bu
 - Its fingerprint is used as the unique identifier for the full OpenPGP certificate.
 - In addition, it is used for lifecycle operations (e.g. adding or invalidating subkeys or identities in a certificate)
 
+(The OpenPGP primary key has historically also sometimes informally been referred to as "master key".)
 
 #### Subkeys
 
 In addition to the primary key, modern OpenPGP certificates can contain "subkeys" in addition to the primary key.
 
-Subkeys have the same structure as the primary key, but play a subtly different role in the certificate.
+Subkeys have the same structure as the primary key, but play a subtly different role in the certificate. Subkeys are cryptographically linked with the primary key (more on this below).
 
 ```{figure} diag/with_subkeys.png
 ---
@@ -109,6 +110,8 @@ Only the primary key can perform "certification" operations. All other operation
 
 It is considered good practice to have separate component keys for each type of operation (specifically: to allow only *Certification* operations for the primary key, and to have separate *Signing*, *Encryption* and *Authentication* subkeys).
 
+(Aside: with ECC algorithms, it's actually not possible to share encryption functionality with the signing-based functionalities, e.g.: ed25519 used for signing; cv25519 used for encryption.)
+
 ### Identity components
 
 #### User IDs
@@ -187,6 +190,8 @@ Linking a User ID to an OpenPGP certificate
 
 ## Revocations
 
+Note: certification signatures [can be made irrevocable](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-revocable). 
+
 ### Hard vs. soft revocations
 
 
@@ -216,6 +221,10 @@ Minimized versions, merging, effective "append only" semantics, ...
 
 ### Metadata Leak of Social Graph
 
+### Adding unbound User IDs to a certificate
+
+Some OpenPGP subsystems may add User IDs to a certificate, which are not bound to the primary key by the certificate's owner. This can be useful to store local identity information (e.g. sequoia's public store).
+
 ## Zooming in: Package structure
 
 To use OpenPGP, we need "(OpenPGP) keys."
@@ -364,6 +373,13 @@ A minimal OpenPGP key, visualized
 
 Let's compare this with the same certificate seen as an armored "public" certificate (that is, a variant of the key above, but without the private key material. An OpenPGP user might give such a certificate to a communication partner, so that the remote party could send encrypted messages to the user):
 
+
+```{admonition} TODO
+:class: warning
+
+Show packet dump invocations.
+```
+
 ```
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Comment: 6D10 0EB0 444D 1648 DAD9  A0EE DE83 CCF4 A204 F957