From 441936eb98d62207f63017dc73e196635fed235b Mon Sep 17 00:00:00 2001
From: Heiko Schaefer <heiko@schaefer.name>
Date: Wed, 15 Nov 2023 00:02:54 +0100
Subject: [PATCH] ch4: new text about revocations

---
 book/source/04-certificates.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md
index ec3e9e1..cd4bdb7 100644
--- a/book/source/04-certificates.md
+++ b/book/source/04-certificates.md
@@ -229,11 +229,11 @@ Additionally, OpenPGP allows modeling User ID-specific preferences. The idea is
 
 ## Revocations
 
-```{admonition} TODO
-:class: warning
+When the owner of a certificate wants to invalidate some components of that certificate, or the entire certificate, they can do so by "revoking" the component in question. Revoking the primary key renders the entire certificate invalid.
 
-This section needs to be written
-```
+More on revoking components of a certificate in {ref}`self-revocations`.
+
+Note that there are other ways besides revocations in which components can become invalid. For example, the component's expiration time may have passed.
 
 ## Third-party (identity) certifications