
Re: OCSP concept question

Gene Hilborn wrote:

While both CRLs and OCSP have a defined syntax for conveying the
information of WHEN a certificate was revoked, neither is required to
indefinitely maintain this information as an historical record.

RFC 2459 does not require or recommend archiving revocation after expiry:
"An entry may be removed from the CRL after appearing on one regularly
scheduled CRL issued beyond the revoked certificate's validity period."

RFC 2560 makes such archival information optional for OCSP:  'An OCSP
responder MAY choose to retain revocation information beyond a
certificate's expiration. The date obtained by subtracting this retention
interval value from the producedAt time in a response is defined as the
certificate's "archive cutoff" date.'

Thus, since CRLs and OCSP responders are not normally set up as historical
archives, they do not facilitate determining if and when a certificate was
revoked when they are consulted long after the expiry date on the
certificate.

Which is why, in my first answer, I said that the responder had better check the information as soon as it receives the signature and save the response it received.

But it should still take care how it handles the case where the certificate was just on hold.
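As an added illustration (written for this page, not code from the thread or from any OCSP library, and not a parser of real OCSP or CRL encodings), the following Python models the decision logic the quoted RFC text implies: a "good" OCSP answer only proves something if the certificate had not expired before the responder's archive cutoff, absence from a CRL only counts while the CRL is at most one issuance interval past notAfter, and a certificateHold revocation (CRLReason 6) is stored flagged for re-checking rather than treated as final. All dates and the one-year retention interval are constructed sample values.

```python
from datetime import datetime, timedelta, timezone
from enum import Enum

CERTIFICATE_HOLD = 6  # CRLReason value for certificateHold: a revocation that can be lifted
UTC = timezone.utc


class Verdict(Enum):
    REVOKED = "revoked"
    ON_HOLD = "on hold: may be reinstated, re-check before treating as final"
    GOOD = "good"
    UNKNOWN = "unknowable: certificate expired before the responder's archive cutoff"


def archive_cutoff(produced_at, retention):
    """RFC 2560: archiveCutoff = producedAt minus the responder's retention interval."""
    return produced_at - retention


def interpret_ocsp(produced_at, retention, not_after, status, reason=None):
    """What one OCSP answer (CertStatus plus CRLReason) tells a relying party.
    A "good" answer for a certificate that expired before the archive cutoff proves
    nothing: the responder may simply have dropped its record of a revocation."""
    if status == "revoked":
        return Verdict.ON_HOLD if reason == CERTIFICATE_HOLD else Verdict.REVOKED
    if not_after < archive_cutoff(produced_at, retention):
        return Verdict.UNKNOWN
    return Verdict.GOOD


def crl_absence_is_evidence(this_update, crl_interval, not_after):
    """RFC 2459 lets the CA drop an entry once it has appeared on one regularly scheduled
    CRL issued after the validity period, so (conservatively) absence from a CRL only
    counts while thisUpdate is within one issuance interval of notAfter."""
    return this_update <= not_after + crl_interval


def record_at_receipt(checked_at, retention, not_after, status, reason=None):
    """The practice argued for in the reply: evaluate the OCSP answer when the signed
    object arrives, store the result, and flag hold states for a later re-check."""
    verdict = interpret_ocsp(checked_at, retention, not_after, status, reason)
    return {"checked_at": checked_at.isoformat(), "verdict": verdict,
            "recheck_needed": verdict is Verdict.ON_HOLD}


def demo():
    """Constructed sample dates (not from the thread) with a one-year retention interval."""
    now, year = datetime(2024, 1, 1, tzinfo=UTC), timedelta(days=365)
    long_expired, recent = datetime(2022, 6, 1, tzinfo=UTC), datetime(2023, 6, 1, tzinfo=UTC)
    return (interpret_ocsp(now, year, long_expired, "good"),     # expired before cutoff
            interpret_ocsp(now, year, recent, "good"),           # still within retention
            interpret_ocsp(now, year, long_expired, "revoked", 1),  # a revoked answer is always usable
            record_at_receipt(now, year, recent, "revoked", CERTIFICATE_HOLD)["recheck_needed"],
            crl_absence_is_evidence(now, timedelta(days=7), datetime(2023, 12, 28, tzinfo=UTC)),
            crl_absence_is_evidence(now, timedelta(days=7), datetime(2023, 12, 1, tzinfo=UTC)))
```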