EE re-enrollment will be integrated with the to-be-awarded "SCMS PoC extension" project as SCMS PoC release 3.0. Until then these are preliminary concepts.
Goals
All End Entities (EEs, including OBEs and RSEs) receive an Enrollment Certificate as part of a secure initial provisioning process (seeĀ Use Case 2: OBE Bootstrapping (Manual) andĀ Use Case 12: RSE Bootstrapping (Manual) for details). This certificate is used to authenticate the EE to an RA for all secured transactions with the SCMS. When this certificate approaches its expiration, the EE must be re-established to receive a new certificate. There are also cases where infrastructure components (such as an ICA or Root CA) may be revoked without directly impacting the EEs that have certificates that are chained back to the revoked component. The re-enrollment use cases describe secure procedures for maintaining the integrity and security of EE enrollment certificates in these situations.
Assumptions
The EE has a non-revoked, non-expired enrollment certificate and the EE has not been placed on the RA's blacklist.