108   Alignment for revocation handling of short term certificates for PK and A certificates

Created: 11 Apr 2025

Status: Approval (Future Improvement)

Part: Part 9 (2023, Edition2)

Links:

Page: 68

Clause: 7.4.4.10.9

Paragraph: all

Issue

To make the security policy explicit if no revocation information is provided, the noRevAvail extension should also be utilized for public-key certificates; this is already considered for attribute certificates (Table 2 and clause 7.4.5.8.3).
That way, an issuing CA can explicitly state that, for certain certificates, revocation information will not be provided.
This avoids implicit assumptions about the availability of revocation information.

Proposal

Proposal to support the extension also for public-key certificates.
This leads to:
- enhancing Table 1 with the respective entry (also applying C2 as condition)
- own sub-clause for the verification, which essentially takes information from clauses 7.4.4.10.9 and 7.4.4.10.10 as well as the existing handling of the noRevAvail extension for attribute certificates in subclause 7.4.5.8.3.
- combination of CRLDP or AIA and noRevAvail is not allowed.
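
As an added illustration (not text from IEC 62351-9 or its attachments), the proposed rule can be checked directly on a certificate's DER-encoded Extensions field. The outcome labels, the "implicit" result for a certificate carrying none of the three extensions, and the sample bytes are assumptions of this example.

```python
NO_REV_AVAIL = "2.5.29.56"   # id-ce-noRevAvail
CRL_DP = "2.5.29.31"         # id-ce-cRLDistributionPoints
AIA = "1.3.6.1.5.5.7.1.1"    # id-pe-authorityInfoAccess

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def oid_str(body):
    """Decode the contents of a DER OBJECT IDENTIFIER into dotted form."""
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # last byte of this arc
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def extension_oids(extensions_der):
    """Collect the extnID of each Extension in a DER Extensions SEQUENCE."""
    tag, seq, _ = read_tlv(extensions_der, 0)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    oids, pos = set(), 0
    while pos < len(seq):
        _, ext, pos = read_tlv(seq, pos)
        oids.add(oid_str(read_tlv(ext, 0)[1]))  # extnID is the first field
    return oids

def revocation_handling(extensions_der):
    """Classify a certificate; the outcome labels are this example's own."""
    oids = extension_oids(extensions_der)
    has_pointer = bool(oids & {CRL_DP, AIA})
    if NO_REV_AVAIL in oids:
        # The proposal forbids noRevAvail together with CRLDP or AIA.
        return "reject" if has_pointer else "no-revocation-info"
    return "check-revocation" if has_pointer else "implicit"

# Constructed sample Extensions values, not taken from real certificates.
SHORT_TERM = bytes.fromhex("300b30090603551d3804020500")  # noRevAvail only
CONFLICT = bytes.fromhex("303330090603551d380402050030260603551d1f041f301d"
                         "301ba019a0178615") + b"http://ca.example/crl"
```

A validator would treat "implicit" as the case the issue wants to eliminate and leave the decision to local policy.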

| Discussion | Created | Status |
|---|---|---|
| Security Event added as future improvement (discussed during WG15 meeting 06/2025) | 18 Jun 25 | Approval (Future Improvement) |
| I like this idea. | 22 May 25 | Discussion (red) |
| Proposed text as seen in Attachment: Attachment 1 contains the enhanced Table 1; Attachment 2 contains an additional subclause for public-key certificates | 11 Apr 25 | Discussion (red) |
| Accepted to align revocation handling | 11 Apr 25 | Accepted |

 
