by alberts00
1696 days ago
As far as I'm aware, there was no technical solution for key revocation when the EU Covid Certificate was first launched in July. The only possibility I saw for revocation was to revoke the whole CA, instead of e.g. a CRL check. Can you elaborate on what makes you think that key revocation is built into the system?
My understanding was that each node in a certificate tree/list consists of a key pair (public/private) and the entity metadata which needs to be verified, e.g. the root CA has a private key that it uses to sign CAs, and those CAs have their own private keys that they use to sign individual leaf node certificates.
Meanwhile, revocations are distributed as a separate CRL - certificate revocation list - which contains a list of certificates whose signees are no longer to be trusted. I'm not very clear on how this process works, but in any case I don't think keys can be revoked.