
Re: Certificate suspension




Not quite "ambivalent", since it is specific to prohibit suspension of CA certificates and leaves no binding requirements on the implementor for end entity certificates, but states that it is allowed.

I feel the ability to suspend technically, not the requirements of any particular policy, has compelled organizations to provide for a counter signing process when performing a digital signature transaction. It is perceived that it helps to capture the validity of the signer's certificate, at the time of signing, for future validation. That is, if that organization ever chooses to honor certificates from CAs that support suspension.

Technical suspension is a completely useful tool in the world of authentication and authorization.

Scott Rea wrote:
Yet the Shared Service Provider for both HHS and VA does support suspension and the Federal Common Policy Framework CP is ambivalent on this point - allowing each agency to choose.
-Scott

Todd E. Johnson wrote:

The U.S. Treasury does not support suspension mainly due to obvious issues encountered with digital signature related transactions, and future validation of those transactions. The problem is, if you are willing to honor signatures produced using certificates from an infrastructure that does support suspension, you wind up in the same boat. It has been a topic of much debate.


--


Regards,

Todd E. Johnson