From db1160e2c5d0d09362ad3048ad2ebd880c900bef Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Thu, 7 Dec 2023 14:28:18 +0100 Subject: [PATCH] add slight clarification --- book/source/04-certificates.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index a7df3e7..0119663 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -334,7 +334,9 @@ Revoking the primary key with a [*Key revocation signature*](https://www.ietf.or #### Semantics of Revocations -In contrast to expiration, revocation is typically final and not withdrawn. +In contrast to expiration, revocation is typically final and not withdrawn[^undo-revocations]. + +[^undo-revocations]: While some revocations can be reverted, undoing revocations is an uncommon workflow. Unlike expirations, which are commonly undone by extending the expiration time. A revocation indicates that the component should not be used. Revocation signatures over components use a [*Reason for Revocation*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#reason-for-revocation) subpacket to specify further details about the reason why the component or certification was revoked. The OpenPGP format specifies a set of distinct [values for *Reasons for Revocation*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#table-10), and additionally provides space for a human-readable free text field for comments about the revocation.
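Review bot: The second sentence of the added `[^undo-revocations]` footnote is a fragment ("Unlike expirations, which are commonly undone by extending the expiration time.") with no main clause. Suggest folding it into the first sentence, for example "While some revocations can be reverted, undoing revocations is an uncommon workflow, unlike expirations, which are commonly undone by extending the expiration time." The footnote also says "some revocations can be reverted" without saying which ones. Since the following paragraph introduces the *Reason for Revocation* subpacket, a short pointer to where the book explains which revocations can be reverted would help a reader judge whether a given revocation is final. Minor: the footnote mixes "reverted" and "undoing"/"undone" for the same operation, so picking one term would read more cleanly.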