1 files changed, 15 insertions, 10 deletions

diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 8766250..463b6a6 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -632,16 +632,10 @@ remote machine.
 @itemx --disable-extended-key-format
 @opindex enable-extended-key-format
 @opindex disable-extended-key-format
-Since version 2.2.22 keys are created in the extended private key
-format by default.  Changing the passphrase of a key will also convert
-the key to that new format.  This key format is supported since GnuPG
-version 2.1.12 and thus there should be no need to disable it.
-Anyway, the disable option still allows to revert to the old behavior
-for new keys; be aware that keys are never migrated back to the old
-format.  If the enable option has been used the disable option won't
-have an effect.  The advantage of the extended private key format is
-that it is text based and can carry additional meta data.  In extended
-key format the OCB mode is used for key protection.
+These options are obsolete and have no effect.  The extended key format
+is used for years now and has been supported since 2.1.12.  Existing
+keys in the old format are migrated to the new format as soon as they
+are touched.
 
 @anchor{option --enable-ssh-support}
 @item --enable-ssh-support
@@ -829,6 +823,17 @@ CRL checking for the root certificate.
 If validation of a certificate finally issued by a CA with this flag set
 fails, try again using the chain validation model.
 
+@item qual
+The CA is allowed to issue certificates for qualified signatures.
+This flag has an effect only if used in the global list.  This is now
+the preferred way to mark such CA; the old way of having a separate
+file @file{qualified.txt} is still supported.
+
+@item de-vs
+The CA is part of an approved PKI for the German classification level
+VS-NfD.  It is only valid in the global trustlist.  As of now this is
+used only for documentation purpose.
+
 @end table