From 6820d60661ae096963c6ecacc1921b909625d93b Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Fri, 22 Dec 2023 15:02:28 +0100 Subject: [PATCH 1/7] Identity certifications can be both self-signatures or third-party --- book/source/glossary.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/book/source/glossary.md b/book/source/glossary.md index d1bad65..e84c2ec 100644 --- a/book/source/glossary.md +++ b/book/source/glossary.md @@ -225,6 +225,10 @@ Identity Identity Certification An {term}`OpenPGP Signature Packet` on an {term}`Identity Component` which {term}`certifies` its {term}`authenticity`. + + Identity certifications can be issued either: + - by the certificate holder, as a {term}`self-signature`, or + - by a third party, as a {term}`third-party identity certifications`. Identity Claim A {term}`Certificate Holder` may use {term}`Identity Components` or {term}`Notations` to state a claim about their {term}`Identity`. From cf169edaf68d3f8da71810bcd6077f5236c538be Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Fri, 22 Dec 2023 15:06:02 +0100 Subject: [PATCH 2/7] Add link --- book/source/glossary.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/glossary.md b/book/source/glossary.md index e84c2ec..4e8363e 100644 --- a/book/source/glossary.md +++ b/book/source/glossary.md @@ -305,7 +305,7 @@ Life-cycle Management See [](self-signatures). Literal Data Packet - A packet which contains the plaintext data of an encrypted and/or signed message. See [RFC 5.9](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#lit) for more details. + A {term}`packet` which contains the plaintext data of an encrypted and/or signed message. See [RFC 5.9](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#lit) for more details. MAC See {term}`Message Authentication Code`. From 54bb1927c1781062e8743683ee039a595defb885 Mon Sep 17 00:00:00 2001 
From: Heiko Schaefer Date: Fri, 22 Dec 2023 15:14:09 +0100 Subject: [PATCH 3/7] Link "Trusted introducer" from "Meta Introducer" --- book/source/glossary.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/book/source/glossary.md b/book/source/glossary.md index 4e8363e..66b8adc 100644 --- a/book/source/glossary.md +++ b/book/source/glossary.md @@ -317,9 +317,9 @@ Message Authentication Code A piece of information used for integrity and {term}`authenticity` verification of a message. See [](message-authentication-code). Meta-Introducer - An {term}`OpenPGP Certificate` with a {term}`Trust Depth` greater than one. + An {term}`OpenPGP Certificate` that acts as a {term}`Trusted introducer` and has a {term}`Trust Depth` greater than one. - A meta-introducer can introduce other (meta-) introducers. + A meta-introducer can introduce other (meta-) {term}`introducers`. Metadata Data related to preferences of an {term}`OpenPGP Certificate` or its {term}`Certificate Holder`, that can be found in {term}`signature` {term}`packets`. See [](metadata-in-certificates). From e0c99b21a15cf63e36cd422af94800477a39cff0 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Fri, 22 Dec 2023 15:16:04 +0100 Subject: [PATCH 4/7] Adjust styling of "Meta Introducer" to the RFC (no dash) --- book/source/glossary.md | 4 ++-- book/source/signing_components.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/book/source/glossary.md b/book/source/glossary.md index 66b8adc..d3e07e5 100644 --- a/book/source/glossary.md +++ b/book/source/glossary.md 
@@ -316,10 +316,10 @@ Master Key Message Authentication Code A piece of information used for integrity and {term}`authenticity` verification of a message. See [](message-authentication-code). -Meta-Introducer +Meta Introducer An {term}`OpenPGP Certificate` that acts as a {term}`Trusted introducer` and has a {term}`Trust Depth` greater than one. - A meta-introducer can introduce other (meta-) {term}`introducers`. + A meta introducer can introduce other (meta-) {term}`introducers`. Metadata Data related to preferences of an {term}`OpenPGP Certificate` or its {term}`Certificate Holder`, that can be found in {term}`signature` {term}`packets`. See [](metadata-in-certificates). diff --git a/book/source/signing_components.md b/book/source/signing_components.md index 0e24ed9..c7d4286 100644 --- a/book/source/signing_components.md +++ b/book/source/signing_components.md 
@@ -241,7 +241,7 @@ OpenPGP uses [*trust signature*](https://www.ietf.org/archive/id/draft-ietf-open (trust-level)= #### Trust depth/level -The "{term}`trust depth`" (or {term}`level`) in OpenPGP signifies the extent of transitive {term}`delegation` within the {term}`authentication` process. It determines how far a {term}`delegation` can be extended from the original {term}`trusted introducer` to subsequent intermediaries. Essentially, a {term}`certificate` with a {term}`trust depth` of more than one acts as a "{term}`meta-introducer`," facilitating {term}`authentication` decisions across multiple levels in the network. +The "{term}`trust depth`" (or {term}`level`) in OpenPGP signifies the extent of transitive {term}`delegation` within the {term}`authentication` process. It determines how far a {term}`delegation` can be extended from the original {term}`trusted introducer` to subsequent intermediaries. Essentially, a {term}`certificate` with a {term}`trust depth` of more than one acts as a "{term}`meta introducer`," facilitating {term}`authentication` decisions across multiple levels in the network. A {term}`trust depth` of 1 means relying on {term}`certifications` made directly by the {term}`trusted introducer`. The user's OpenPGP software will accept {term}`certifications` made directly by the {term}`introducer` for {term}`authenticating` identities. From c6a020d8f7935608691d724bf64be8981a06a5f6 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Fri, 22 Dec 2023 15:31:00 +0100 Subject: [PATCH 5/7] Normalize link syntax --- book/source/glossary.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/book/source/glossary.md b/book/source/glossary.md index d3e07e5..ae47e74 100644 --- a/book/source/glossary.md +++ b/book/source/glossary.md 
@@ -49,12 +49,12 @@ Binary Signature Binding The process of creating a {term}`Binding Signature` for a {term}`Component`, or the resulting {term}`Binding Signature`. - See {ref}`binding-signatures` for more. + See [](binding-signatures) for more. Binding Signature A {term}`self-signature` on a {term}`component` which associates that {term}`component` to the issuing {term}`component key` in a {term}`certificate`. - See {ref}`binding-signatures` for more. + See [](binding-signatures) for more. CA See {term}`Certification Authority`. @@ -670,7 +670,7 @@ Trust Signature Trusted introducer OpenPGP users can choose to rely on {term}`certifications` issued by a third party. The remote party of such a {term}`delegation` is called a "trusted introducer". - See {ref}`delegation` for more details. + See [](delegation) for more details. TSK See {term}`Transferable Secret Key`. From 8865cbf0e116aec4e01e15195acb6da89ccb07a5 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Fri, 22 Dec 2023 15:40:05 +0100 Subject: [PATCH 6/7] Expand on "Authentication Key Flag" --- book/source/glossary.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/book/source/glossary.md b/book/source/glossary.md index ae47e74..c0a3bd5 100644 --- a/book/source/glossary.md +++ b/book/source/glossary.md 
@@ -32,7 +32,9 @@ Authentication The term "authentication" here is semantically different from the one used in {term}`Authentication Key Flag`. Authentication Key Flag - A {term}`Key Flag`, which indicates that a {term}`Component Key` can be used to confirm control over {term}`private key material` against a remote system. This is typically done to perform an authorative action, like logging into a system. The term "authentication" here is semantically different from {term}`Authentication`. See [](key-flags). + A {term}`Key Flag` which indicates that a {term}`Component Key` can be used to prove control over {term}`private key material` with a challenge-response mechanism. This is typically done to log into a remote system, often using the OpenSSH protocol. + + Note that the term "authentication" is used in a different context here than {term}`Authentication` of {term}`identity claims` that are associated with a {term}`certificate`. See [](key-flags). Authentication Tag See {term}`Message Authentication Code`. From ffa24596a4e77f25a27df3c12c7fcb350a00ccde Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Wed, 20 Dec 2023 10:55:51 +0100 Subject: [PATCH 7/7] Optimize away additional glossary hop --- book/source/glossary.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/glossary.md b/book/source/glossary.md index c0a3bd5..40c2fa3 100644 --- a/book/source/glossary.md +++ b/book/source/glossary.md @@ -574,7 +574,7 @@ Signature Type See {term}`OpenPGP Signature Type`. Signature Type ID - A numerical identifier for a {term}`Signature Type`. + A numerical identifier for a {term}`Signature Type`. Signature Verification In cryptography the mechanism of verification relates to a process in which a claim (i.e., a {term}`signature`) is tested (i.e., using the relevant {term}`components` of a {term}`certificate`).
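Review bot: PATCH 1/7, Identity Certification hunk: the second bullet pairs a singular article with a plural glossary term ("as a {term}`third-party identity certifications`"), which reads wrong and will only resolve if a plural glossary entry exists; use the singular, `- by a third party, as a {term}`third-party identity certification`.`, or point the plural at the entry explicitly with the `{term}`display <Entry>`` form, and drop the trailing period from the first bullet ("or,") so both list items end consistently.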
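Review bot: PATCH 2/7, Literal Data Packet hunk: since this line is being touched anyway, the link label "RFC 5.9" is misleading because the URL points at draft-ietf-openpgp-crypto-refresh-12, not a published RFC; consider labelling it after the draft (e.g. "crypto-refresh, section 5.9") so readers are not sent looking for an RFC section that does not exist under that name.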
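Review bot: PATCH 3/7 and PATCH 4/7 rewrite the same two glossary lines back to back (3/7 introduces "Meta-Introducer" / "meta-introducer", 4/7 immediately renames both to the undashed form), which is churn for anyone bisecting or reviewing; squash 4/7 into 3/7 so the entry lands in its final spelling once. Also confirm that `{term}`introducers`` in the second changed line actually resolves against the glossary, since the visible entry names are "Trusted introducer" and "Meta Introducer", not "introducers".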
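Review bot: PATCH 4/7, signing_components.md hunk: only this one occurrence of `{term}`meta-introducer`` is updated to match the renamed "Meta Introducer" entry; a hyphenated reference anywhere else in the book would now be a broken term link, so a grep for "meta-introducer" across book/source before merging would confirm the rename is complete.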
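Review bot: PATCH 5/7, both glossary hunks: replacing `{ref}`binding-signatures`` with the empty-text form `[](binding-signatures)` makes the rendered link text depend on the target's heading, so each label (`binding-signatures`, `delegation`) must sit directly above a heading the way `(trust-level)=` precedes `#### Trust depth/level` in signing_components.md; worth checking, since a label attached to a paragraph renders with no usable text.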
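Review bot: PATCH 6/7, Authentication Key Flag hunk: "often using the OpenSSH protocol" names an implementation rather than the protocol; "the SSH protocol" is the accurate phrasing, and the key-flag semantics do not depend on OpenSSH. In the added note, `{term}`identity claims`` is plural while the entry shown in PATCH 1/7 is "Identity Claim", so either use the singular or the `{term}`identity claims <Identity Claim>`` form to be sure the link resolves.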
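Review bot: PATCH 7/7, Signature Type ID hunk: the removed and added lines read identically here (`A numerical identifier for a {term}`Signature Type`.`), so as shown the hunk is a no-op or a whitespace-only change, which does not match the subject "Optimize away additional glossary hop". Given the context line "Signature Type  See {term}`OpenPGP Signature Type`", the intended change is presumably `A numerical identifier for an {term}`OpenPGP Signature Type`.`; please verify the committed diff actually carries that edit.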