1. 03 Sep, 2020 2 commits
  2. 31 Aug, 2020 2 commits
  3. 10 Jun, 2020 1 commit
    • Yutaka Niibe's avatar
      Fix signature packet description for EdDSA · 750b19f4
      Yutaka Niibe authored
      The first change is that: In EdDSA, R is an EC point (not an integer
      like ECDSA).  The (compressed) format of an EC point in EdDSA is
      described at another part in the document.
      The second change is that: In EdDSA, S is an integer.  An expression
      "compressed" is not relevant here.  It is little endian in the native
      semantics, but is put in MPI.  Well, the description of mine here is
      still too short and ambiguous, which is needed fix later.
  4. 28 Apr, 2020 2 commits
  5. 02 Apr, 2020 1 commit
  6. 12 Mar, 2020 3 commits
    • Werner Koch's avatar
      Introduce the Key Block subpacket to align OpenPGP with CMS. · 30d8397c
      Werner Koch authored
      This new subpacket may be used similar to the CertificateSet of
      CMS (RFC-5652) and thus allows to start encrypted communication after
      having received a signed message.  In practice a stripped down version
      of the key should be including having only the key material and the
      self-signatures which are really useful and shall be used by the
      recipient to reply encrypted.
    • Werner Koch's avatar
      Typo fix · 669f73f7
      Werner Koch authored
    • Werner Koch's avatar
      Revert to the RFC4880 requirement of having a User ID. · 6fd718d3
      Werner Koch authored
      With the below referenced patch Derek Atkins integrated his
      "Device-Certificate Draft" to allow the use of a stripped down OpenPGP
      key by space constrained devices.  The draft was never meant as a
      general lifting of requirements which were intentionally introduced
      when formalizing the old PGP 2 formats as OpenPGP.  This patch
      clarifies this.
      Fixes-commit: 3c3120a0Signed-off-by: Werner Koch's avatarWerner Koch <[email protected]>
  7. 09 Mar, 2020 1 commit
  8. 11 Nov, 2019 19 commits
  9. 31 Oct, 2019 3 commits
    • Werner Koch's avatar
      Add hacks to at least build again on Debian 10 · 52479b36
      Werner Koch authored
      There is some trouble with the new xsltproc or the DTD.   With this
      change we can at least build things but references don't work.  See
      the bug report.
    • Werner Koch's avatar
      Add the adjusted Makefile · 81a59a60
      Werner Koch authored
      (Not using Magit leads to such overviews ;-)
    • Werner Koch's avatar
      Add tools to the repo · dd22f407
      Werner Koch authored
      It seems that the current tools availabale in Debian do not work as
      expected.  I have always used a local installation of pandoc2rfc which
      is now included in the repo for more consistent results.
      I tested this on a new Devuan ASCII (based on Debian 9) and the only
      change are lightly different page breaks.
  10. 06 Sep, 2019 3 commits
  11. 05 Sep, 2019 1 commit
  12. 29 Aug, 2019 1 commit
    • Daniel Kahn Gillmor's avatar
      Constrain Attested Certifications to their own signature type · d42ff740
      Daniel Kahn Gillmor authored
      This change introduces a new signature type, Attestation Key
      Signature, which is designed only to hold a Attested Certifications
      This has a few nice points:
       * legacy clients that update self-sigs won't accidentally clobber or
         remove an Attested Certifications subpacket they don't understand
       * the cadence of updating attestations is decoupled from the cadence
         of updating self-sigs
       * a minimized certificate doesn't need to publish any attestations at
       * We have a semantic "green field" when it comes to reasoning about
         the interactions between multiple potentially conflicting
         Attestations: in particular, we can be explicit about how to
         interpret multiple Attestation Key Signatures with varying
         Signature Creation Time subpackets.
       * given the above, we can avoid any limits on the number of
         certifications the first party can attest to, because they can
         generate multiple Attestation Key Signatures with the same
      These changes were suggested by Werner Koch and Vincent Breitmoser on
      the [email protected] mailing list.
      Signed-off-by: Daniel Kahn Gillmor's avatarDaniel Kahn Gillmor <[email protected]>
  13. 28 Aug, 2019 1 commit
    • Daniel Kahn Gillmor's avatar
      Describe "Attested Certifications" subpacket · eedb828e
      Daniel Kahn Gillmor authored
      The "no-modify" flag in the Key Server Preferences subpacket has never
      had a clear indication of how a keyserver can effectively respect it.
      This changeset describes an "Attested Certifications" subpacket that
      makes "no-modify" actionable by a keyserver.  A keyserver that
      respects this flag will only redistribute third-party certifications
      that have been attested to by the certificate owner.
      Signed-off-by: Daniel Kahn Gillmor's avatarDaniel Kahn Gillmor <[email protected]>