Re: Certificate suspension

[Johannes Merkle <johannes.merkle@xxxxxxxxxxx>]

Stephen,

for the Austrian social insurance card (e-card) two kind of
certificates are offered, which can only be suspended. If not
un-suspended within 72 hours, they are revoked. The reason for this
is that the card issuer was afraid of too many people temporarily
mislaying their cards and requesting revocation.

If you know German or know someone to translate, here is the CPS:
http://www.signatur.rtr.at/repository/csp-hauptverband-cps-vsig-092-20060726-de.pdf

regards,
Johannes Merkle


Stephen Wilson schrieb am 23.01.2008 02:49:
> 
> 
> I'm wondering to what extent is X.509 certificate suspension used in
> practice?
> 
> Most if not all publicly visible CPs describe suspension, in almost
> exactly the same way as they do revocation.  Yet in my experience, I
> cannot ever recall a commercial CA or a closed/vertical PKI actually
> doing suspensions.
> 
> To my mind, suspension is riddled with difficulties, not anticipated by
> the way CRLs work.  I could go into my concerns in a separate e-mail.
> But if anyone can point to suspension being offered in practice (or
> failing that, a critique of suspension) that would be appreciated!
> 
> Thanks in advance.
> 
> Cheers,
> 
> Stephen Wilson
> Managing Director
> Lockstep
> 
> Phone +61 (0)414 488 851
> 
> www.lockstep.com.au
> -------------------
>  * Lockstep Technologies: ICT Secrets of Innovation Finalist 2007
>  * Lockstep Technologies: Anthill / PwC Cool Company Finalist 2007
> -------------------
> Lockstep Consulting provides independent specialist advice and analysis
> on authentication, PKI and smartcards.  Lockstep Technologies develops
> unique new smart ID solutions that safeguard identity and privacy.
> 
> 
>