Certificate suspension

[Stephen Wilson <swilson@xxxxxxxxxxxxxxx>]

I'm wondering to what extent is X.509 certificate suspension used in 
practice?

Most if not all publicly visible CPs describe suspension, in almost 
exactly the same way as they do revocation.  Yet in my experience, I 
cannot ever recall a commercial CA or a closed/vertical PKI actually 
doing suspensions.

To my mind, suspension is riddled with difficulties, not anticipated by 
the way CRLs work.  I could go into my concerns in a separate e-mail. 
But if anyone can point to suspension being offered in practice (or 
failing that, a critique of suspension) that would be appreciated!

Thanks in advance.

Cheers,

Stephen Wilson
Managing Director
Lockstep

Phone +61 (0)414 488 851

www.lockstep.com.au
-------------------
 * Lockstep Technologies: ICT Secrets of Innovation Finalist 2007
 * Lockstep Technologies: Anthill / PwC Cool Company Finalist 2007
-------------------
Lockstep Consulting provides independent specialist advice and analysis
on authentication, PKI and smartcards.  Lockstep Technologies develops
unique new smart ID solutions that safeguard identity and privacy.