From bbb55a4c5f8845bb1670a4a9bab1aa125db21a41 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Sun, 3 Dec 2023 22:45:50 +0100 Subject: [PATCH] Fix missing half sentence --- book/source/04-certificates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 3bf0e6a..daf8b3f 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -317,7 +317,7 @@ The expiration mechanism in OpenPGP is complemented by a mechanism to extend/ren Using the expiration mechanism is useful for two reasons: -- Expiration of a certificate reminds users of that certificate to poll for updates, for example, from a keyserver. that the certificate is not fresh and a newer version should be acquired. +- Expiration of a certificate means that it cannot be used anymore. This forces users of that certificate (or their OpenPGP software) to poll for updates for it. For example, from a keyserver. - It is a passive way for certificates to "time out," e.g., if their owner loses control over them, or isn't able to broadcast a revocation, for any reason. Component keys use *Key Expiration Time* subpackets for expressing the expiration time. Identity components rely on the expiration of their binding signature. If a binding signature expires, the binding becomes invalid, and the component is considered expired.