@@ -182,8 +183,51 @@ A [Membership](#membership) is to be considered valid if:
...
@@ -182,8 +183,51 @@ A [Membership](#membership) is to be considered valid if:
*`Issuer` matches signature's key ID
*`Issuer` matches signature's key ID
*`Membership` matches either `IN` or `OUT` value
*`Membership` matches either `IN` or `OUT` value
### Keychange
A keychange is a document describing changes to be applied to a [Public key](#public-key) for its components (OpenPGP key material) and membership state.
T | Type of change: either `F`,`N`,`U`,`L` or `B` for respectively `FOUNDER`,`NEWCOMER`,`UPDATE`,`LEAVER` and `BACK` meaning.
KeyPackets | OpenPGP key material field. Value is an OpenPGP packet list base64 encoded. Allowed packets are public key, user ID, self-certification, subkey and subkey binding packets.
CertificationPackets | OpenPGP key material field. Value is an OpenPGP packet list base64 encoded. Allowed packets are other keys' certification packets.
Membership | Field for writing [Membership](#membership) document data.
#### Coherence
Depending the provided `T` type, fields have different format requirements. Below is a table summing up the rules about it:
`FOUNDER` | KeyPackets | Must contain a single public key, plus a single user ID and self-certification packet. May contain subkeys and subkey bindings.
`FOUNDER` | CertificationPackets | Must NOT be provided.
`FOUNDER` | Membership | Must contain an `IN` membership with a `USER_ID` field matching exactly `KeyPackets` user ID.
`NEWCOMER` | KeyPackets | Same rule as `FOUNDER`.
`NEWCOMER` | CertificationPackets | May contain any number of other keys' certification packets.
`NEWCOMER` | Membership | Must contain an `IN` membership with a `USER_ID` field matching exactly `KeyPackets` user ID.
`UPDATE` | KeyPackets | May only contain subkeys and subkey bindings packets.
`UPDATE` | CertificationPackets | May contain any number of other keys' certification packets.
`UPDATE` | Membership | Must NOT be provided.
`LEAVER` | KeyPackets | Must NOT be provided.
`LEAVER` | CertificationPackets | Must NOT be provided.
`LEAVER` | Membership | Must contain an `OUT` membership without
`BACK` | KeyPackets | May only contain subkeys and subkey bindings packets.
`BACK` | CertificationPackets | May contain any number of other keys' certification packets.
`BACK` | Membership | Must contain an `IN` membership without `USER_ID` field.
### Keyblock
### Keyblock
A Keyblock is a document gathering public key informations in order to build a Web Of Trust (WoT) representation.
A Keyblock is a document gathering [keychanges](#keychange) in order to build a Web Of Trust (WoT) representation.
#### Structure
#### Structure
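Review bot: the `LEAVER` / `Membership` row of the Coherence table is cut off ("Must contain an `OUT` membership without"), so the rule cannot be checked as written; it should presumably mirror the `BACK` row, e.g. "Must contain an `OUT` membership without `USER_ID` field". Second, the allowed `KeyPackets` list (public key, user ID, self-certification, subkey and subkey binding packets) contains no revocation packets, and neither the `UPDATE` nor the `LEAVER` row gives a member a way to withdraw a subkey or a certification, so a compromised subkey has no documented revocation path inside a keychange; say explicitly whether that is intended, or add a revocation packet type to the allowed list and to the `UPDATE` row. Third, the validity rule "`Issuer` matches signature's key ID" binds the issuer to an OpenPGP key ID, which is only a truncation of the fingerprint; consider requiring a match on the full fingerprint. Minor: "Depending the provided `T` type" should read "Depending on the provided `T` type".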
...
@@ -202,15 +246,8 @@ A Keyblock is a document gathering public key informations in order to build a W
...
@@ -202,15 +246,8 @@ A Keyblock is a document gathering public key informations in order to build a W