You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jul 26, 2023. It is now read-only.
CSCA (kid: AAAAA) with notBefore/notAfter of 2020-01-01 and 2024-12-31 respectively.
DSC (kid: ABCDE) with notBefore/notAfter of 2022-01-01 and 2022-03-31 respectively.
The country has issued 200k DCC issued by ABCDE. These DSC are valid for a period of 12 months as per the guidelines for issuers.
On 2022-06-15 the key ABCDE is no longer valid - meaning that any DCC signed by it after 2022-03-31 are not valid. However the DCC issued by it during the validity period are valid, and will remain valid for some time.
Removing ABCDE from the gateway effectively revokes all of the DCC issued with it. That is not a desired outcome. However there has been some discussion/wish to somehow flag/handle these DSC separately from those which are currently valid.
The certificate governance document recommends that DSC has an validity period which will always exceed/match the validity of the DCC issued by it. The documentation is published in the certificate governance guide.
This issue has been opened to allow discussion to take place.
How should we handle this?
For example:
Country XX has:
AAAAA) withnotBefore/notAfterof 2020-01-01 and 2024-12-31 respectively.ABCDE) withnotBefore/notAfterof 2022-01-01 and 2022-03-31 respectively.The country has issued 200k DCC issued by
ABCDE. These DSC are valid for a period of 12 months as per the guidelines for issuers.On 2022-06-15 the key
ABCDEis no longer valid - meaning that any DCC signed by it after2022-03-31are not valid. However the DCC issued by it during the validity period are valid, and will remain valid for some time.Removing
ABCDEfrom the gateway effectively revokes all of the DCC issued with it. That is not a desired outcome. However there has been some discussion/wish to somehow flag/handle these DSC separately from those which are currently valid.The certificate governance document recommends that DSC has an validity period which will always exceed/match the validity of the DCC issued by it. The documentation is published in the certificate governance guide.
This issue has been opened to allow discussion to take place.