From f0bca16ad3bd2a164bc93d56870be1a094fe3b71 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 22 Nov 2024 13:44:43 +0100 Subject: [PATCH] doc: Explain that qualified.txt is a legacy method. -- --- doc/gpgsm.texi | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 2cb50539a..dd0daf642 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -966,16 +966,20 @@ like this: @item qualified.txt @efindex qualified.txt -This is the list of root certificates used for qualified certificates. -They are defined as certificates capable of creating legally binding -signatures in the same way as handwritten signatures are. Comments -start with a hash mark and empty lines are ignored. Lines do have a -length limit but this is not a serious limitation as the format of the -entries is fixed and checked by @command{gpgsm}: A non-comment line starts with -optional whitespace, followed by exactly 40 hex characters, white space -and a lowercased 2 letter country code. Additional data delimited with -by a white space is current ignored but might late be used for other -purposes. +This is the legacy method to mark root certificates as usable for +qualified certificates. Qualified certificates are capable of +creating legally binding signatures in the same way as handwritten +signatures. The modern method to mark such root certificates is to +use the "qual" flag in the system trustlist.txt; see the gpg-agent man +page for details. + +Comments int his file start with a hash mark and empty lines are +ignored. Lines do have a length limit but this is not a serious +limitation as the format of the entries is fixed and checked by +@command{gpgsm}: A non-comment line starts with optional whitespace, +followed by exactly 40 hex characters, white space and a lowercased 2 +letter country code. Additional data delimited with by a white space +is current ignored but might late be used for other purposes. Note that even if a certificate is listed in this file, this does not mean that the certificate is trusted; in general the certificates listed