From ff50c5046053b2f013255b061691d25ec45133e5 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Tue, 28 Nov 2023 18:44:56 +0100 Subject: [PATCH] ch4: local user ids --- book/source/04-certificates.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 7d36807..60a4388 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -581,13 +581,14 @@ So, there is some tension between the goals of - privacy related goals (also [see above](email-lookup), in the comparison of email-based certificate lookup mechanisms, which also touches on this theme). (unbound_user_ids)= -### Adding unbound User IDs to a certificate +### Adding unbound, local, User IDs to a certificate Some OpenPGP subsystems may add User IDs to a certificate, which are not bound to the primary key by the certificate's owner. This can be useful to store local identity information (e.g., Sequoia's public store attaches ["pet-names"][PET] to certificates, in this way). [PET]: https://sequoia-pgp.org/blog/2023/04/08/sequoia-sq/#an-address-book-style-trust-model -Sequoia additionally certifies these foreign User IDs with the local trust root to facilitate authentication of certificates but marks all this additional signatures with a Non Exportable subpacket so that they are not visible when publishing the certificate e.g. on keyservers. +Sequoia additionally certifies these "local, third party, User IDs" with a local trust root to facilitate local authentication decisions. +To prevent accidental publication of these local User IDs (e.g. to public keyservers), Sequoia marks these binding signatures as "local" artifacts using [Exportable Certification](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-exportable-certification) subpackets to mark them as non-exportable. (cert-flooding)= ### Third-party certification flooding
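Review bot: In the added line "Sequoia marks these binding signatures as "local" artifacts using [Exportable Certification](...) subpackets to mark them as non-exportable", the terminology and phrasing need tightening. The preceding sentence says Sequoia "certifies" these User IDs with a local trust root, so the signatures in question are third-party certifications, not binding signatures (a term this chapter otherwise uses for self-signatures on the certificate); the removed line called them "additional signatures", which was at least not misleading. The sentence also says "marks ... to mark them", and the new heading "Adding unbound, local, User IDs" and the quoted phrase "local, third party, User IDs" set "local" and "third party" off with commas in a way that reads as parenthetical rather than as an adjective. Suggested rewording of the two added lines: "Sequoia additionally certifies these local third-party User IDs with a local trust root to facilitate local authentication decisions." / "To prevent accidental publication of these local User IDs (e.g. to public keyservers), Sequoia marks these certifications as non-exportable using the [Exportable Certification](...) subpacket." and the heading as "### Adding unbound, local User IDs to a certificate". Minor: the surrounding text uses a named reference for links (`[PET]: https://...`), so the long crypto-refresh URL would be more consistent as a named reference, which also makes it easier to bump from draft `-12` when the RFC is published.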