Page tree
Skip to end of metadata
Go to start of metadata
Target releasePost PoC
Document owner
Reviewer

EE re-enrollment will be integrated with the to-be-awarded "SCMS PoC extension" project as SCMS PoC release 3.0. Until then these are preliminary concepts.

Goals

All End Entities (EEs, including OBEs and RSEs) receive an Enrollment Certificate as part of a secure initial provisioning process (see Use Case 2: OBE Bootstrapping (Manual) and Use Case 12: RSE Bootstrapping (Manual) for details). This certificate is used to authenticate the EE to an RA for all secured transactions with the SCMS. When this certificate approaches its expiration, the EE must be re-established to receive a new certificate. There are also cases where infrastructure components (such as an ICA or Root CA) may be revoked without directly impacting the EEs that have certificates that are chained back to the revoked component. The re-enrollment use cases describe secure procedures for maintaining the integrity and security of EE enrollment certificates in these situations.

Assumptions

The EE has a non-revoked, non-expired enrollment certificate and the EE has not been placed on the RA's blacklist.