ACP 185
ACP 185
ACP 185
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
UNCLASSIFIED<br />
ANNEX A TO<br />
<strong>ACP</strong> <strong>185</strong><br />
1.24.13 Circumstances for Suspension and Restoration<br />
CAs may support certificate suspension and restoration.<br />
1.24.13.1 Circumstances for Suspension<br />
For CAs that support suspension, a certificate shall be suspended when there is reason to believe<br />
that the binding between the subject and the subject’s public key defined within a certificate is<br />
not currently valid; or there is reason to question the security of the private key, but additional<br />
research is necessary to fully determine the status.<br />
Examples of circumstances that may lead to certificate suspension are:<br />
• The Subscriber for the certificate has misplaced the token containing the private key<br />
associated with the certificate, but believes that the token is in a protected location;<br />
• The PKI Sponsor is known or believed to have the token containing the private key<br />
associated with the certificate, and fails to appear at an expected duty location.<br />
1.24.13.2 Circumstances for Restoration<br />
For CAs that support suspension, a suspended certificate may be restored when the binding<br />
between the subject and the subject’s public key defined within a certificate is determined to still<br />
be valid or the question of the security of the private key is resolved and there was no<br />
compromise of the private key.<br />
Examples of circumstances that may result in certificate restoration are:<br />
• The Subscriber who previously reported a certificate token misplaced returns and<br />
verifies current possession of the token, that the token was where the Sponsor<br />
expected it to be and there is no evidence of tampering;<br />
• The Subscriber returns to duty in possession of the token and verifies it was always<br />
under appropriate control.<br />
1.24.14 Who can Request Suspension and Restoration<br />
1.24.14.1 Who Can Request Suspension<br />
Subscribers and PKI Sponsors shall be authorized to request suspension of their own certificates.<br />
Any member of the Subscriber’s or PKI Sponsor’s chain of command is authorized to request<br />
suspension of certificates.<br />
Uncontrolled copy when printed<br />
1.24.14.2 Who Can Request Restoration<br />
Subscribers and PKI Sponsors may request restoration of their own certificates.<br />
A-17<br />
UNCLASSIFIED