Add news entry for 1pa3pc.

dist/templates/about/news.html.hbs

@@ -2,6 +2,41 @@
 <div class="about">
     <center><h2><a href="/about">About</a> | News | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Stats</a> | <a href="/about/privacy">Privacy</a></h2></center>
 
+    <h2 id="2021-09-20-1pa3pc">
+      <div style="float: right; font-size: small; line-height: 2em;">2021-09-20 📅</div>
+      <a style="color: black;" href="/about/news#2021-09-20-1pa3pc">Support for third-party certification signatures</a>
+    </h2>
+
+    <p>
+        To address the <a href="https://lwn.net/Articles/792366/">certificate-flooding attacks</a>, Hagrid used to strip third-party certifications from certificates.
+        Simply stripping third-party certifications does solve the problem of certificate flooding, but at the cost of breaking authentication models that require third-party certifications.
+
+    <p>
+        Hagrid is designed around the notion of Certificate Sovereignty, i.e. giving the certificate holder control over what is published with the certificate.
+        In line with this, rather than stripping certifications, a more nuanced way of preventing the flooding attack is to allow the certificate holder to chose what certifications should be distributed.
+
+    <p>
+        dkg devised such a mechanism &mdash; nicknamed <a href="https://gitlab.com/dkg/draft-openpgp-abuse-resistant-keystore/-/blob/master/draft-dkg-openpgp-abuse-resistant-keystore.md#first-party-attested-third-party-certifications-fpatpc">1pa3pc</a> for first-party attested third-party certifications &mdash; and <a href="https://gitlab.com/openpgp-wg/rfc4880bis/-/blob/main/rfc4880bis.md#attested-certifications-attested-certifications">refined</a> it in cooperation with Vincent Breitmoser and Werner Koch in the OpenPGP IETF working group.
+        Even though client support for this is currently limited to Sequoia, DKGPG, and PGPy, we are confident that other OpenPGP implementations will follow as soon as abuse-resistant key servers serve attested certifications.
+
+    <p>
+        To that end, we're happy to announce that keys.openpgp.org now serves attested third-party certifications.
+	You can see an example of such a certificate with a certification <a href="https://keys.openpgp.org/search?q=noemi-melissa%40probier.email">here</a>.
+
+    <p>
+        This attestation has been created using Sequoia's low-level key management functions:
+
+        <pre>
+$ sq key attest-certifications &lt;mykey.pgp &gt;mykey.attested.pgp
+$ sq key extract-cert &lt;mykey.attested.pgp &gt;mycert.attested.pgp
+      </pre>
+
+        By uploading <tt>mycert.attested.pgp</tt> to keys.openpgp.org, the certificate holder agrees to the attested certifications being published.
+	Note: if the certificate receives additional certifications the key holder will also have to test to these for keys.openpgp.org to publish them.
+
+    <p>
+        Looking forward to transparent support in clients and a comeback of strong certification-based authentication models 🙌
+
     <h2 id="2019-11-12-celebrating-100k">
       <div style="float: right; font-size: small; line-height: 2em;">2019-11-12 📅</div>
       <a style="color: black;" href="/about/news#2019-11-12-celebrating-100k">Celebrating 100.000 verified addresses! 📈</a>

dist/templates/atom.xml.hbs

@@ -4,6 +4,12 @@
   <link href="{{ base_uri }}/atom.xml" rel="self"/>
   <id>urn:uuid:8e783366-73b1-460e-83d3-42f01046646d</id>
   <updated>2019-11-12T12:00:00Z</updated>
+  <entry>
+    <title>Support for third-party certification signatures</title>
+    <link href="{{ base_uri }}/about/news#2021-09-20-1pa3pc" />
+    <updated>2021-09-21T12:00:00Z</updated>
+    <id>urn:uuid:aca50bf2-5310-4d6a-8ee1-d361be7ce201</id>
+  </entry>
   <entry>
     <title>Celebrating 100.000 verified addresses! 📈</title>
     <link href="{{ base_uri }}/about/news#2019-11-12-celebrating-100k" />

dist/templates/index.html.hbs

@@ -25,7 +25,7 @@
   <hr />
 
   <p>
-    <strong>{{ text "News:" }}</strong> {{ text "<a href=\"/about/news#2019-11-12-celebrating-100k\">Celebrating 100.000 verified addresses! 📈</a> (2019-11-12)" }}
+    <strong>{{ text "News:" }}</strong> {{ text "<a href=\"/about/news#2021-09-20-1pa3pc\">Support for third-party certification signatures</a> (2021-09-21)" }}
   </p>
   {{/with}}
 {{/layout}}

po/hagrid/de.po

@@ -107,11 +107,9 @@ msgstr "News:"
 
 #: src/gettext_strings.rs:16
 msgid ""
-"<a href=\"/about/news#2019-11-12-celebrating-100k\">Celebrating 100.000 "
-"verified addresses! 📈</a> (2019-11-12)"
+"<a href=\"/about/news#2021-09-20-1pa3pc\">Support for third-party "
+"certification signatures</a> (2021-09-21)"
 msgstr ""
-"<a href=\"/about/news#2019-11-12-celebrating-100k\">Wir feiern 100.000 "
-"überprüfte Adressen! 📈</a> (2019-11-12)"
 
 #: src/gettext_strings.rs:17
 msgid "v{{ version }} built from"
@@ -481,3 +479,10 @@ msgstr "Zeitlimit beim Hochladen abgelaufen. Bitte versuch es erneut."
 #: src/web/vks.rs:284
 msgid "Invalid verification link."
 msgstr "Ungültiger Bestätigungs-Link."
+
+#~ msgid ""
+#~ "<a href=\"/about/news#2019-11-12-celebrating-100k\">Celebrating 100.000 "
+#~ "verified addresses! 📈</a> (2019-11-12)"
+#~ msgstr ""
+#~ "<a href=\"/about/news#2019-11-12-celebrating-100k\">Wir feiern 100.000 "
+#~ "überprüfte Adressen! 📈</a> (2019-11-12)"

po/hagrid/en.po

@@ -103,8 +103,8 @@ msgstr "News:"
 
 #: src/gettext_strings.rs:16
 msgid ""
-"<a href=\"/about/news#2019-11-12-celebrating-100k\">Celebrating 100.000 "
-"verified addresses! 📈</a> (2019-11-12)"
+"<a href=\"/about/news#2021-09-20-1pa3pc\">Support for third-party "
+"certification signatures</a> (2021-09-21)"
 msgstr ""
 
 #: src/gettext_strings.rs:17

po/hagrid/hagrid.pot

@@ -91,7 +91,7 @@ msgid "News:"
 msgstr ""
 
 #: src/gettext_strings.rs:16
-msgid "<a href=\"/about/news#2019-11-12-celebrating-100k\">Celebrating 100.000 verified addresses! 📈</a> (2019-11-12)"
+msgid "<a href=\"/about/news#2021-09-20-1pa3pc\">Support for third-party certification signatures</a> (2021-09-21)"
 msgstr ""
 
 #: src/gettext_strings.rs:17

po/hagrid/ja.po

@@ -107,8 +107,8 @@ msgstr "ニュース:"
 
 #: src/gettext_strings.rs:16
 msgid ""
-"<a href=\"/about/news#2019-11-12-celebrating-100k\">Celebrating 100.000 "
-"verified addresses! 📈</a> (2019-11-12)"
+"<a href=\"/about/news#2021-09-20-1pa3pc\">Support for third-party "
+"certification signatures</a> (2021-09-21)"
 msgstr ""
 
 #: src/gettext_strings.rs:17

src/gettext_strings.rs

@@ -13,7 +13,7 @@ fn _dummy() {
     t!("You can also <a href=\"/upload\">upload</a> or <a href=\"/manage\">manage</a> your key.");
     t!("Find out more <a href=\"/about\">about this service</a>.");
     t!("News:");
-    t!("<a href=\"/about/news#2019-11-12-celebrating-100k\">Celebrating 100.000 verified addresses! 📈</a> (2019-11-12)");
+    t!("<a href=\"/about/news#2021-09-20-1pa3pc\">Support for third-party certification signatures</a> (2021-09-21)");
     t!("v{{ version }} built from");
     t!("Powered by <a href=\"https://sequoia-pgp.org\">Sequoia-PGP</a>");
     t!("Background image retrieved from <a href=\"https://www.toptal.com/designers/subtlepatterns/subtle-grey/\">Subtle Patterns</a> under CC BY-SA 3.0");

templates-untranslated/about/news.html.hbs

@@ -1,6 +1,41 @@
 <div class="about">
     <center><h2><a href="/about">About</a> | News | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Stats</a> | <a href="/about/privacy">Privacy</a></h2></center>
 
+    <h2 id="2021-09-20-1pa3pc">
+      <div style="float: right; font-size: small; line-height: 2em;">2021-09-20 📅</div>
+      <a style="color: black;" href="/about/news#2021-09-20-1pa3pc">Support for third-party certification signatures</a>
+    </h2>
+
+    <p>
+        To address the <a href="https://lwn.net/Articles/792366/">certificate-flooding attacks</a>, Hagrid used to strip third-party certifications from certificates.
+        Simply stripping third-party certifications does solve the problem of certificate flooding, but at the cost of breaking authentication models that require third-party certifications.
+
+    <p>
+        Hagrid is designed around the notion of Certificate Sovereignty, i.e. giving the certificate holder control over what is published with the certificate.
+        In line with this, rather than stripping certifications, a more nuanced way of preventing the flooding attack is to allow the certificate holder to chose what certifications should be distributed.
+
+    <p>
+        dkg devised such a mechanism &mdash; nicknamed <a href="https://gitlab.com/dkg/draft-openpgp-abuse-resistant-keystore/-/blob/master/draft-dkg-openpgp-abuse-resistant-keystore.md#first-party-attested-third-party-certifications-fpatpc">1pa3pc</a> for first-party attested third-party certifications &mdash; and <a href="https://gitlab.com/openpgp-wg/rfc4880bis/-/blob/main/rfc4880bis.md#attested-certifications-attested-certifications">refined</a> it in cooperation with Vincent Breitmoser and Werner Koch in the OpenPGP IETF working group.
+        Even though client support for this is currently limited to Sequoia, DKGPG, and PGPy, we are confident that other OpenPGP implementations will follow as soon as abuse-resistant key servers serve attested certifications.
+
+    <p>
+        To that end, we're happy to announce that keys.openpgp.org now serves attested third-party certifications.
+	You can see an example of such a certificate with a certification <a href="https://keys.openpgp.org/search?q=noemi-melissa%40probier.email">here</a>.
+
+    <p>
+        This attestation has been created using Sequoia's low-level key management functions:
+
+        <pre>
+$ sq key attest-certifications &lt;mykey.pgp &gt;mykey.attested.pgp
+$ sq key extract-cert &lt;mykey.attested.pgp &gt;mycert.attested.pgp
+      </pre>
+
+        By uploading <tt>mycert.attested.pgp</tt> to keys.openpgp.org, the certificate holder agrees to the attested certifications being published.
+	Note: if the certificate receives additional certifications the key holder will also have to test to these for keys.openpgp.org to publish them.
+
+    <p>
+        Looking forward to transparent support in clients and a comeback of strong certification-based authentication models 🙌
+
     <h2 id="2019-11-12-celebrating-100k">
       <div style="float: right; font-size: small; line-height: 2em;">2019-11-12 📅</div>
       <a style="color: black;" href="/about/news#2019-11-12-celebrating-100k">Celebrating 100.000 verified addresses! 📈</a>