Assumptions

The SCMS instance created for the CV Pilots shall be separate from the SCMS PoC instance
The ICA and subordinate certificates shall expire on or before 12:00:00 UTC January 3, 2025
- Estimated project expiration of 00:00:00 UTC January 1, 2025 + 60 hours (due to 1609.2 time unit restrictions)
No component certificates shall have a starting date after the end of the estimated project duration
The private keys of all component certificates subordinate to the root shall be destroyed at the end of the estimated project duration
The root certificate shall have an expiration of 70 years and an in-use lifetime of 20 years to support possible future activities
All components subordinate to the ICA have an in-use lifetime that is sufficiently short and requires at least one rollover (renewal) event during the estimated project duration
PKI hierarchy:
- The ICA, policy generator, CRL generator and MA certificates shall be issued directly by the Root CA
- The subtree below ICA is identical to that of the POC, i.e., it has one instance of all components: ECA, PCA, DCM, RA, and LA
Leap seconds declared after 00:00:00 UTC 1/1/2017 are not considered

Certificate Lifetime Overview

Definitions of available 1609.2 units of time used by certificates can be found in IEEE Std 1609.2-2016, Sections 6.4.14, 6.4.15 and 6.4.16. Note that the "years" duration is defined as a specific number of seconds.

The following tables provide the certificate expiration and renewal periods to be used for the CV pilot, Production instance deployment.

Certificate Generation	Start (1609.2 Time32)	Duration (1609.2 units)		Duration (TAI seconds)	Expiration (1609.2 Time32)	Start (UTC)	Expiration (UTC)	Notes
Root CA Certificate
	385,689,600	70	years	2,208,986,640	2,594,676,240	23:59:55 March 21, 2016 (Monday)	23:23:55 March 21, 2086 (Thursday)	ISS - Reference only
ICA Certificate
	410,313,605	1169	sixtyHours	252,504,000	662,817,605	00:00:00 January 1, 2017 (Sunday)	12:00:00 January 1, 2025 (Wednesday)
ECA Certificates
1	428,630,405	1084	sixtyHours	234,144,000	662,774,405	00:00:00 August 1, 2017 (Tuesday)	00:00:00 January 1, 2025 (Wednesday)
2	523,324,805	38736	hours	139,449,600	662,774,405	00:00:00 August 1, 2020 (Saturday)	00:00:00 January 1, 2025 (Wednesday)	Reduced Lifetime
PCA Certificates
1	428,662,805	35281	hours	127,011,600	555,674,405	09:00:00 August 1, 2017 (Tuesday)	10:00:00 August 10, 2021 (Tuesday)
2	460,112,405	35113	hours	126,406,800	586,519,205	09:00:00 July 31, 2018 (Tuesday)	10:00:00 August 2, 2022 (Tuesday)
3	491,562,005	35113	hours	126,406,800	617,968,805	09:00:00 July 30, 2019 (Tuesday)	10:00:00 August 1, 2023 (Tuesday)
4	523,011,605	35113	hours	126,406,800	649,418,405	09:00:00 July 28, 2020 (Tuesday)	10:00:00 July 30, 2024 (Tuesday)
5	554,461,205	30099	hours	108,356,400	662,817,605	09:00:00 July 27, 2021 (Tuesday)	12:00:00 January 1, 2025 (Wednesday)	Reduced Lifetime
6	585,910,805	21363	hours	76,906,800	662,817,605	09:00:00 July 26, 2022 (Tuesday)	12:00:00 January 1, 2025 (Wednesday)	Reduced Lifetime
7	617,965,205	12459	hours	44,852,400	662,817,605	09:00:00 August 1, 2023 (Tuesday)	12:00:00 January 1, 2025 (Wednesday)	Reduced Lifetime
8	649,414,805	3723	hours	13,402,800	662,817,605	09:00:00 July 30, 2024 (Tuesday)	12:00:00 January 1, 2025 (Wednesday)	Reduced Lifetime
RA, LA, DCM Certificates
1	428,630,405	26472	hours	95,299,200	523,929,605	00:00:00 August 1, 2017 (Tuesday)	00:00:00 August 8, 2020 (Saturday)	Leap Day
2	523,324,805	26448	hours	95,212,800	618,537,605	00:00:00 August 1, 2020 (Saturday)	00:00:00 August 8, 2023 (Tuesday)
3	617,932,805	12456	hours	44,841,600	662,774,405	00:00:00 August 1, 2023 (Tuesday)	00:00:00 January 1, 2025 (Wednesday)	Reduced Lifetime

CV Pilot Certificate Expiration Timelines - Certificate Expiration

Certificate Type	Issuing CA	Expiration	In Use	Request for Renewal	Start of Validity for Renewal	Number of Concurrently Valid Certificates (In-Use [+ Legacy])	Example Size in Bytes (Certs are Not Fixed Size)	Notes
OBE Enrollment	ECA	Variable	Same as expiration	N/A	N/A	1	87	All OBE enrollment certificates shall be issued with an expiration on or before 12:00:00 UTC January 3, 2025 regardless of the date they are issued
OBE Pseudonym	PCA	1 week + 1 hour	1 week	Anytime	1 week	20 + 20 (for just 1 hour)	91
OBE Identification	PCA	1 month + 1 hour	1 month	Anytime	1 month	1 + 1 (for just 1 hour)	89
RSE Enrollment	ECA	Variable	Same as expiration	N/A	N/A	1	109	All RSE enrollment certificates shall be issued with an expiration on or before 12:00:00 UTC January 3, 2025 regardless of the date they are issued
RSE Application	PCA	1 week + 1 hour	1 week	Anytime	1 week	1 + 1 (for just 1 hour)
Elector	Self	12 years	12 years	3 months before end of In-use	12 years	3 (1 per elector)	166	The initial elector certificates have an expiration and "in use" time of 4, 8 and 12 years, respectively

CV Pilot Certificate Expiration Timelines - Certificate Expiration and Renewal Guidelines

Renewal/Rollover Requirements

Expiration, In-use, and Overlap Requirements

Overview Diagrams

The following diagrams illustrate the expiration period of various certificate types. The diagrams show the specific duration of the certificate (valid from and to dates) only and do not account for setup time (request generation, signing ceremony, distribution, etc.). Each section shows the life of a single instance of a component under typical (non-compromised) conditions. If multiple instances exist, they would follow a similar pattern but the specific dates may be shifted within the validity period. Lifetimes may be adjusted in the future to account for leap seconds, rounding requirements or operational requirements.

Timeline depicting certificate expiration times

Attachments:

Certificate Expiration and Overlap.CV.png (image/png)

SCMS CV Pilots Documentation : CV Pilot PROD Certificate Expiration Timelines

Assumptions

Certificate Lifetime Overview

Renewal/Rollover Requirements

Overview Diagrams

Attachments: