In order to avoid confusion around the terms used for enrollment after revocation, we will use terms as follows:
- Re-instantiation: An EE is reinstated if the original enrollment certificate is reinstated. This means that: (1) the enrollment certificate is removed from RA's blacklist by either directly removing it or by removing a CA certificate on the path to the root CA from the CRL and (2) that the EE keeps using the original enrollment certificate to request certificates from the SCMS. The already issued pseudonym/identification/application certificates can be used as before, or new certificates can be requested and issued.
- Re-bootstrapping: An EE is re-bootstrapped if the EE's storage is completely erased (including all certificates and cryptographic credentials) and the bootstrap mechanism is executed. A new enrollment certificate is issued and there is no link between the original enrollment certificate and the new enrollment certificate. The re-bootstrapped EE cannot be distinguished to a factory-new EE.
- Re-issuance: An EE enrollment certificate may be re-issued if the public-key of the enrollment certificate stays and an ECA issues a new enrollment certificate based on that same public key. The EE keeps all pseudonym certificates and keeps using the same butterfly key parameters.
- Re-establishment: An EE is re-established if the integrity of the EE can be verified remotely, and the EE generates a new key pair and receives a new enrollment certificate that contains the newly generated public key.
- Re-enrollment: A device is re-enrolled if either re-instantiation, re-bootstrap, a re-issue, or re-establishment is performed.
SCMS PoC for CV Pilots will initially only support re-bootstrapping in the first year of operation. Other forms of re-enrollment will be added at a later point. The SCMS will not support re-issuance.