ACP 185
UNCLASSIFIED
ANNEX A TO
ACP 185
1.24 Revocation & Suspension
1.24.1 Circumstances for Revocation
A certificate issued to a Subscriber shall be revoked:
• Upon suspected or known compromise of the private key.
• Upon suspected or known loss or compromise of the media holding the private key.
• When a Subscriber or CA server fails to comply with obligations set out in the NDPKI CP, the relevant CPS, or any other agreement or applicable law.
• When the identity or other attributes asserted in the certificate become invalid (e.g. following termination of affiliation or employment).
In addition, if it is determined subsequent to issuance of new certificates that a private key used to sign requests for one or more additional certificates may have been compromised at the time the requests for additional certificates were made, all certificates authorised by directly or indirectly chaining back to that compromised key shall be revoked.
1.24.2 Who Can Request Revocation
Who can submit certificate revocation requests shall be in accordance with the NDPKI CP.
1.24.3 Procedure for Revocation Request
All certificate revocation requests shall be processed and authorised in accordance with the NDPKI CP.
1.24.4 Revocation Request Grace Period
Subscribers and authorized PKI entities shall request the revocation of a certificate as soon as the need for revocation comes to their attention.
In exceptional circumstances, the CMA may delay revoking the certificate.
1.24.5 Time within which CA must Process the Revocation Request
The time within which the CA shall process the revocation request shall be defined by the NDPKI PMA.
1.24.6 Revocation Checking Requirements for Relying Parties
It is the Relying Party’s responsibility to determine its requirements for revocation checking.
1.24.7 CRL Issuance Frequency
Subordinated CAs shall issue, and publish, an up-to-date CRL at intervals not exceeding 24 hours. Interoperability CAs shall issue, and publish, an updated CRL at intervals not exceeding 31 days.