ch4: move diagram up

book/source/04-certificates.md

@@ -343,6 +343,24 @@ This version of Alice's key contains just two packets:
 - The [*Secret-Key packet*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-secret-key-packet-formats) for the primary key, and
 - A [*Direct Key Signature*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#sigtype-direct-key) (a self-signature that binds metadata to the primary key).
 
+This is the shape of the packets we'll be looking at, in the following two sections:
+
+```{figure} diag/key-minimal.png
+:width: 40%
+
+A minimal OpenPGP key, visualized
+```
+
+```{admonition} VISUAL
+:class: warning
+
+This diagram needs adjustments about
+ - what exactly is signed
+ - fix naming of fields?
+ 
+We could show repeat-copies of the individual packet visualization again, below for each packet-related section.
+```
+
 In the real world, you won't usually encounter an OpenPGP key that is quite this minimal. However, this is technically a valid OpenPGP key (and we'll add more components to it, later in this section).
 
 In ASCII-armored representation, this very minimal key looks like this:
@@ -556,12 +574,6 @@ The signature is calculated over a hash. The hash, in this case, is calculated o
 - A serialized form of the primary key's public data
 - A serialized form of this direct key signature packet (up to, but excluding the unhashed area)
 
-```{figure} diag/key-minimal.png
-:width: 40%
-
-A minimal OpenPGP key, visualized
-```
-
 ### Seen as a very minimal OpenPGP certificate
 
 Let's now look at a "public key" view of the (very minimal) OpenPGP key above. That is, the same data, but without the private key material parts. An OpenPGP user might give such a certificate to a communication partner, or upload it to a key server: