ISSUE-27: [Policy] Is revocation in scope

[Policy] Is revocation in scope

Security Policy Framework — General
Raised by:
Frederick Hirsch
Opened on:
RESOLUTION: Scope excludes UA requirements relating to support for revocation, including support for specific certificate profiles, OSCP profiles, or any requirement to support certificate status/CRL checking. Scope includes ensuring there is provision within any formats or policy or trust model that may be necessary, under reasonably foreseeable use cases, to allow such requirements to be specified independently.

Is revocation in scope of the DAP policy v1, or should it be deferred to

Proposal: defer to

Rationale: More than one mechanism might be used to implement revocation, so it can be deployment specific.

For example, one could consider

1. Associated X.509 certificate revocation, either by CRL or OCSP

2. Reputation/Community based revocation as suggested by Marcos in position paper

3. Non-X.509 directory listing

If this is not deferred we probably would need to define a "Revocation decision point" by URI and not define the details of that point.
Related Actions Items:
No related actions
Related emails:
  1. Draft minutes 2009-10-07 (from on 2009-10-07)
  2. Re: ISSUE-27: [Policy] Is revocation in scope [Security Policy Framework — General] (from on 2009-10-07)
  3. Agenda - Distributed Meeting 2009-10-07 (from on 2009-10-06)
  4. ISSUE-27: [Policy] Is revocation in scope [Security Policy Framework — General] (from on 2009-10-06)

Related notes:

No additional notes.

Display change log ATOM feed

Anssi Kostiainen <>, Reilly Grant <>, Chairs, Fuqiao Xue <>, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <>.
$Id: 27.html,v 1.1 2019/11/08 08:58:36 carcone Exp $