RE: Certificate suspension

["Andrews, Rick" <RAndrews@xxxxxxxxxxxx>]

Stephen,

VeriSign has supported suspension in only one case that I know of, where
we were issuing certs to be used with Identrus-compliant applications.
No one else requests it.

-Rick 

> -----Original Message-----
> From: owner-ietf-pkix@xxxxxxxxxxxx 
> [mailto:owner-ietf-pkix@xxxxxxxxxxxx] On Behalf Of Stephen Wilson
> Sent: Tuesday, January 22, 2008 5:50 PM
> To: ietf-pkix@xxxxxxxx
> Subject: Certificate suspension
> 
> 
> 
> I'm wondering to what extent is X.509 certificate suspension 
> used in practice?
> 
> Most if not all publicly visible CPs describe suspension, in 
> almost exactly the same way as they do revocation.  Yet in my 
> experience, I cannot ever recall a commercial CA or a 
> closed/vertical PKI actually doing suspensions.
> 
> To my mind, suspension is riddled with difficulties, not 
> anticipated by the way CRLs work.  I could go into my 
> concerns in a separate e-mail. 
> But if anyone can point to suspension being offered in 
> practice (or failing that, a critique of suspension) that 
> would be appreciated!
> 
> Thanks in advance.
> 
> Cheers,
> 
> Stephen Wilson
> Managing Director
> Lockstep
> 
> Phone +61 (0)414 488 851
> 
> www.lockstep.com.au
> -------------------
>   * Lockstep Technologies: ICT Secrets of Innovation Finalist 2007
>   * Lockstep Technologies: Anthill / PwC Cool Company Finalist 2007
> -------------------
> Lockstep Consulting provides independent specialist advice 
> and analysis on authentication, PKI and smartcards.  Lockstep 
> Technologies develops unique new smart ID solutions that 
> safeguard identity and privacy.
> 
> 
> 
>