Goals

The goal is to revoke an ICA certificate from the SCMS System.

Background and Strategic Fit

The Technical Component of the SCMS Manager (TCotSCMSM), a local ICA Manager, or the Misbehavior Authority, determines that an Intermediate Certificate Authority (ICA) needs to be revoked. The TCotSCMSM contacts the appropriate CRLG (as indicated in the ICA certificate, see the CRL Series Diagram for details) and adds the impacted ICA to the CRL. On receiving and validating the new CRL, all components will cease to trust the ICA and any certificates that chain back to the ICA.

Impacted components may include ECA, RA, PCA, LA and any EEs enrolled through an impacted ECA. All end-entity devices (EE) whose enrollment or application certificates chain back to the revoked ICA should obtain new enrollment or application certificates as soon as possible (the SCMS Manager may set performance requirements for how quickly this must happen). The SCMS will provide re-enrollment processes at a later stage.

All EEs whose pseudonym, application, or identification certificates chain back to the impacted ICA will cease to use those certificates. They shall request new certificates.

The TCotSCMSM will inform the Policy Generator (PG) to update the GCCF and remove all component certificates that chain back to the revoked ICA. The new GCCF will be distributed to all un-revoked RAs, which will incorporate the new lists in the next LCCF that they issue.

Assumptions

  • The local ICA Manager will coordinate with the TCotSCMSM when revoking an ICA
  • If the MA determines that an ICA shall be revoked, it will notify the TCotSCMSM. This will not be an automated process.
  • The TCotSCMSM will inform the local ICA Manager when revoking an ICA

Requirements

Attachments:

Untitled4.png (image/png)
Untitled3.pdf (application/pdf)
Untitled2.jpg (image/jpeg)
Untitled1.png (image/png)
Untitled13.png (image/png)