From 5e6a2c30a2171366049fbde23c0b55711b2b1b79 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Thu, 30 Aug 2018 15:00:14 -0600 Subject: [PATCH] Comment out the part where identity services can revoke their keys They can't because otherwise 3rd party invites can be rejected by homeservers, as per https://github.com/matrix-org/matrix-doc/issues/1633 --- specification/identity_service_api.rst | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/specification/identity_service_api.rst b/specification/identity_service_api.rst index cb079593..d438f2c7 100644 --- a/specification/identity_service_api.rst +++ b/specification/identity_service_api.rst @@ -80,9 +80,11 @@ in a scheme ``algorithm:identifier``, e.g. ``ed25519:0``. When signing an association, the Matrix standard JSON signing format is used, as specified in the server-server API specification under the heading "Signing Events". -In the event of key compromise, the identity service may revoke any of its keys. -An HTTP API is offered to get public keys, and check whether a particular key is -valid. +.. TODO: Actually allow identity services to revoke all keys + See: https://github.com/matrix-org/matrix-doc/issues/1633 +.. In the event of key compromise, the identity service may revoke any of its keys. + An HTTP API is offered to get public keys, and check whether a particular key is + valid. The identity server may also keep track of some short-term public-private keypairs, which may have different usage and lifetime characteristics than the
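Review bot: The hunk comments out more than the revocation claim it intends to withdraw: the second sentence, "An HTTP API is offered to get public keys, and check whether a particular key is valid.", describes the key lookup and validity-check endpoints that remain part of the API, yet it is moved into the ``..`` comment alongside the revocation sentence, so implementers lose the normative statement that key validity can be checked. Suggest keeping that sentence in the body text and commenting out only "In the event of key compromise, the identity service may revoke any of its keys." Also, the reason given in the commit message (revoking keys would cause homeservers to reject existing third-party invites) is a security-relevant constraint that readers of the spec cannot see from an RST comment; a short visible sentence stating that keys are not currently revocable, with the reference to issue 1633, would tell both identity server and homeserver implementers what to expect, rather than leaving the compromise case unaddressed until the TODO is resolved.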