add slight clarification

2025-09-09 11:19:41 +02:00 · 2023-12-07 14:28:18 +01:00 · 2023-12-07 14:28:18 +01:00 · db1160e2c5
commit db1160e2c5
parent 2a2d0cd2d9
1 changed files with 3 additions and 1 deletions
--- a/book/source/04-certificates.md
+++ b/book/source/04-certificates.md
@ -334,7 +334,9 @@ Revoking the primary key with a [*Key revocation signature*](https://www.ietf.or

 #### Semantics of Revocations

-In contrast to expiration, revocation is typically final and not withdrawn.
+In contrast to expiration, revocation is typically final and not withdrawn[^undo-revocations].
+
+[^undo-revocations]: While some revocations can be reverted, undoing revocations is an uncommon workflow. Unlike expirations, which are commonly undone by extending the expiration time.

 A revocation indicates that the component should not be used. Revocation signatures over components use a [*Reason for Revocation*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#reason-for-revocation) subpacket to specify further details about the reason why the component or certification was revoked. The OpenPGP format specifies a set of distinct [values for *Reasons for Revocation*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#table-10), and additionally provides space for a human-readable free text field for comments about the revocation.