Goals

The goal is to provide the CRL file from the CRL Store (a component of the MA) to the EE when requested.

Background and Strategic Fit

The EE must be aware of revoked entities.

Assumptions

  • One or more CRLs have been generated, signed by the CRL Generator, put into a CRL file, and has been made available to the CRL Store
  • The CRL Store is able to validate cryptographically the signature on the CRL file prior to making it available for download
    The EE is able to download the CRL by issuing a CRL HTTP get request to the CRL Store.
  • The CRL Store will not authenticate the EE, i.e., CRL Store will not require that EE sends its enrollment certificate for authentication purposes
  • OBE has successfully executed Use Case 2: OBE Bootstrapping (Manual)

Process Steps

  1. OBE downloads the CRL using the API documented inĀ MA - Download CRL

ASN.1 Specification

IEEE 1609.2 specifies CRLs in: https://github.com/wwhyte-si/1609dot2-asn/blob/master/crl-protocol.asn