--- a/spec/index-respec.html Thu Dec 01 17:13:43 2011 +0100
+++ b/spec/index-respec.html Thu Dec 01 18:07:09 2011 +0100
@@ -784,10 +784,9 @@
</section>
<section class='normative'>
<h1>Disabling a WebID Certificate</h1>
-<p>A <tref>WebID Certificate</tref> is only functional if the <tref>Client</tref> can call on
-
- to the public key published in the <tref> is associated with a private key which the <tref>Subject</tref> needs to take care of keeping secure.
-This can be done by keeping it in the keychain of a personal machine in an account that is password protected and free of viruses, or best of all on some physical device where the private key is inacessible to be read by any software.
+<p>A <tref>WebID Certificate</tref> identifies the <tref>Subject</tref> alone and no one else, if and only if she is the only one to control the corresponding privte key.
+It is very important therfore that the <tref>Subject</tref> take care of keeping the <tref>private key</tref> secure.
+This can be done by keeping it in the <tref>Key Chain</tref> of a personal machine in an account that is password protected and free of viruses, or best of all on some physical device where the private key is inacessible to be read by any software.
In the second case having the device implies that the <tref>private key</tref> has not been lost or copied.
In the first case the user has to be more careful for signals of misuse.<p>
<p>In either situation if the <tref>Subject</tref> is suspicious that his private key has been taken, then he can disable future authentications for that certificate by removing the corresponding <tref>public key</tref> from his <tref>WebID Profile</tref>.
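Review bot: The three added lines in this normative section introduce or carry spelling errors into the spec text: "privte key" in the first added line, "therfore" in the second, and "inacessible" in the third (copied over from the removed line). Suggest "private key", "therefore" and "inaccessible". The first added line also leaves "private key" as bare text while the next line marks it up as <tref>private key</tref>; wrapping the first occurrence would keep the term references consistent. The new sentence refers to the Subject as "she" while the unchanged paragraph that follows uses "his" and "he", so one form should be chosen for the section. Finally, the unchanged line ending in "signals of misuse.<p>" opens a second paragraph instead of closing the first; since this change rewrites that paragraph, it is a good moment to change the trailing <p> to </p>.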