From fd0f0fe713c4a4298f93d2d8592adbb84c240d3d Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Sat, 28 Oct 2023 13:30:18 +0200 Subject: [PATCH] ch8: add clarifications --- book/source/08-signing_components.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/book/source/08-signing_components.md b/book/source/08-signing_components.md index 45847f1..be891ad 100644 --- a/book/source/08-signing_components.md +++ b/book/source/08-signing_components.md @@ -66,9 +66,9 @@ This key flag is only necessary to issue valid third-party certifications. One important class of self-signatures are revocations. -A revocation is used to retract the statement formed by a prior signature. +A revocation signature is used to retract the statement formed by a prior signature. A subkey revocation signature revokes a prior subkey binding signature, while a certification revocation revokes a certification signature. -Typical use-cases for revocations are marking certificates or individual subkeys as unusable, or marking User IDs as no longer used. +Typical use-cases for revocations are marking certificates or individual subkeys as unusable (for example, when the private key has been compromised or superseded), or marking User IDs as no longer used. A revocation signature can either be hard or soft. A soft revocation of a certificate invalidates it from the revocation signature's creation time onwards. This means signatures issued before the revocation remain intact. A hard revocation, by contrast, invalidates the certificate retroactively, rendering all issued signatures invalid, regardless of creation time. Soft revocations are typically used whenever a key or User ID is retired or superseded gracefully, while hard revocations can, for example, signal compromise of secret key material.
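Review bot: In the second changed line, the new parenthetical "(for example, when the private key has been compromised or superseded)" groups compromise and supersession as one case, while the unchanged text a few sentences later assigns them to different revocation types: soft when a key is "retired or superseded gracefully", hard to "signal compromise of secret key material". Consider rewording the parenthetical so it does not read as if both reasons are handled the same way, or have it point forward to the hard/soft distinction. The paragraph also now uses both "private key" (added here) and "secret key material" (existing text); picking one term would keep it consistent. Finally, the first changed line switches to "revocation signature", but the next context sentence still pairs "subkey revocation signature" with plain "certification revocation", so the naming is only partly aligned after this change.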