What I like about this Sign angle is that it treats revocation like what it actually is.
Basic trust hygiene.
Not some extra feature.
Not a nice-to-have.
Not “maybe later.”
If keys get compromised, terms change, or someone signs something they absolutely should not stay tied to, there has to be an exit. A real one. Clear rules. Clear authority. Clear record.
That’s the part I keep coming back to.
Because a signature is only trustworthy if there’s also a trustworthy way to say: this no longer stands.
And that part can’t be vague.
Who can revoke?
When?
How?
What gets recorded?
Can everyone see it?
If the answer is fuzzy, users stay exposed. Worse, old signatures keep floating around like they still mean something.
So yeah, revocation sounds boring.
It’s also one of the most important parts.
Because without a visible way to kill bad or outdated signatures, “trust infrastructure” is really just permanent liability with better branding.