From 6a14882687e3d9f95876307a9d2418403b177744 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Wed, 22 Nov 2023 22:31:57 +0100 Subject: [PATCH] ch4: move certificate validity up --- book/source/04-certificates.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 0b4e78f..f64ca9c 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -305,6 +305,18 @@ The popular [SKS keyserver network experienced certificate flooding firsthand](h ## Advanced topics +### When are certificates valid? + +- Full certificate: Primary revoked/key expired/binding signature expired, +- Subkey: Revoked/key expired/binding signature expired +- User ID: revoked, binding expired, ... + +```{admonition} TODO +:class: warning + +write, link to chapter 9 +``` + (append-only)= ### Certificates are effectively append-only data structures @@ -484,18 +496,6 @@ Note that regardless of the OpenPGP version, software that relies on 8-byte Key The historical 4-byte "short Key IDs" format should not be used anywhere, anymore (finding collisions in a 32-bit keyspace has been [trivial for a long time](https://evil32.com/)). -### When are certificates valid? - -- Full certificate: Primary revoked/key expired/binding signature expired, -- Subkey: Revoked/key expired/binding signature expired -- User ID: revoked, binding expired, ... - -```{admonition} TODO -:class: warning - -write, link to chapter 9 -``` - (cert-freshness)= ### Certificate freshness: Triggering updates with expiration
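Review bot: the relocated `### When are certificates valid?` heading in the first hunk (new line 308 onward) has no label target, unlike its neighbours, which carry `(append-only)=` and `(cert-freshness)=`. The section is now the first entry under "Advanced topics" and its TODO already plans a link to chapter 9, so add a label on the line above the heading to make it referenceable from other chapters. Since the block is being moved anyway, the list could also be made consistent: the first bullet ends in a stray comma, "Revoked" and "revoked" differ in capitalization between the Subkey and User ID bullets, and the trailing `...` on the User ID bullet leaves its conditions unspecified.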