From 0b8e844a97357c62dcec574fbc5de0c8fd95b5ed Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Wed, 29 Nov 2023 11:31:44 +0100 Subject: [PATCH] ch4a: edit --- book/source/04-certificates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index d3fe5e6..cea5383 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -354,7 +354,7 @@ On the other hand, if the subkey was merely retired, and the certificate holder OpenPGP certificates act as *append-only data structures*, in practice. By this, we mean that packets that are associated with a certificate cannot be "recalled", once they were published. Third parties (such as other users, or keyservers) may keep and/or distribute copies of those packets. -While it is not possible to "remove" elements, once they were publicly associated with an OpenPGP certificate, it is possible to invalidate them by adding new metadata to the certificate. This new metadata could set an *expiration time* on a component, or explicitly *revoke* that component. In both cases, no packets are removed from the certificate. +While it is not possible to *remove* elements, once they were publicly associated with an OpenPGP certificate, it is possible to invalidate them by adding new metadata to the certificate. This new metadata could set an *expiration time* on a component, or explicitly *revoke* that component. In both cases, no packets are removed from the certificate. Invalidation resembles removal of a component in a semantical sense. The component is not a valid element of the certificate anymore, at least starting from some point in time. Implementations that handle the certificate may omit the invalid component in their representation.