On 09/29/2016 12:23 PM, John Lane wrote:
> I was just wondering whether I've misunderstood

No, you understood well. What we commonly call an "OpenPGP public key" should really be called, strictly speaking, an "OpenPGP certificate". And "signing a key" is really "certifying" the binding between a (true) public key and a user ID.


> or if there is some historic reason for my confusion.

It seems there is, according to one of the authors of RFCs 2440 and 4880. Apparently, at the time they were told by the IETF to avoid speaking of "certificates" so that OpenPGP would not seem to rival PKIX [1].

Network Associates did not have this concern, and in their "Introduction to Cryptography" [2] they clearly talk about "PGP certificates" instead of "PGP public keys".

Damien


[1] http://www.ietf.org/mail-archive/web/openpgp/current/msg07712.html

[2] ftp://ftp.pgpi.org/pub/pgp/6.5/docs/english/IntroToCrypto.pdf


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users