The goal is to provide the CRL file from the CRL Store (a component of the MA) to the EE when requested.
Background and Strategic Fit
The EE must be aware of revoked entities.
- One or more CRLs have been generated, signed by the CRL Generator, put into a CRL file, and made available to the CRL Store
- The CRL Store is able to cryptographically validate the signature on the CRL file before making it available for download
The EE is able to download the CRL by issuing a CRL HTTP GET request to the CRL Store.
- The CRL Store will not authenticate the EE, i.e., the CRL Store will not require the EE to send its enrollment certificate for authentication purposes
- OBE has successfully executed Use Case 2: OBE Bootstrapping (Manual)
- OBE downloads the CRL using the API documented in MA - Download CRL
IEEE 1609.2 specifies CRLs in: https://github.com/wwhyte-si/1609dot2-asn/blob/master/crl-protocol.asn
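
The publish gate and the unauthenticated download described above, sketched in Go as an added example; it is not code from this page or from the SCMS project. It assumes a detached ECDSA P-256 signature over the raw file bytes in place of the IEEE 1609.2 signed CRL structure, and `CRLStore`, `Publish` and `demo` are hypothetical names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"net/http"
	"sync/atomic"
)

// CRLStore sketch. Assumption: a detached ECDSA P-256 signature stands in for the 1609.2 signed CRL.
type CRLStore struct {
	generator *ecdsa.PublicKey // CRL Generator's verification key
	current   atomic.Value     // []byte: last CRL file whose signature verified
}

// Publish replaces the served file only if the signature verifies; a rejected file changes nothing.
func (s *CRLStore) Publish(file, sig []byte) error {
	digest := sha256.Sum256(file)
	if !ecdsa.VerifyASN1(s.generator, digest[:], sig) {
		return fmt.Errorf("CRL signature invalid, file not published")
	}
	s.current.Store(append([]byte(nil), file...))
	return nil
}

// ServeHTTP answers the EE's download request without asking for an enrollment certificate.
func (s *CRLStore) ServeHTTP(w http.ResponseWriter, _ *http.Request) {
	if crl, ok := s.current.Load().([]byte); ok {
		w.Write(crl)
		return
	}
	http.Error(w, "no CRL published", http.StatusNotFound)
}

// demo plays the CRL Generator with a constructed key and CRL file (hypothetical helper).
func demo() (good, tampered error, served []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	crl := []byte("constructed CRL file bytes")
	digest := sha256.Sum256(crl)
	sig, _ := ecdsa.SignASN1(rand.Reader, key, digest[:])
	store := &CRLStore{generator: &key.PublicKey}
	good, tampered = store.Publish(crl, sig), store.Publish(append(crl, 0), sig)
	served, _ = store.current.Load().([]byte)
	return
}

func main() { fmt.Println(demo()) }
```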