Target release: Release 1.0

Goals

Background and Strategic Fit

As the SCMS system evolves, it is necessary that SCMS components can be added and removed.

This includes Root CAs. For the PoC, there will be only one Root CA. To manage Root CAs (e.g., to add and remove them), the SCMS will employ a multi-Elector system. In this scheme, there are a number of electors. These entities are trust anchors, but they also vote to manage Root CAs, i.e., to remove a Root CA or add a new one. The SCMS Manager coordinates the electors. An operation on a Root CA (addition or revocation) will require a message signed by some given number of electors. The exact number of electors needed to perform an addition or revocation is a fixed quorum m. The public keys of the electors will be installed into the trust stores of every SCMS component, including the OBEs. In the PoC, electors will be implemented as manual processes, and the Root Management messages signed by electors will be generated by manual means for testing the management of the Root CAs.
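As an added illustration of the quorum rule above (this is example code, not part of this design page and not the SCMS PoC's own implementation): a component holding the electors' public keys in its trust store accepts a Root Management message only when at least m distinct trusted electors have validly signed it. The signature scheme (Ed25519) and the message layout are assumptions made for the example; the page does not specify either.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Endorsement is one elector's signature over a Root Management message.
type Endorsement struct {
	Elector ed25519.PublicKey
	Sig     []byte
}

// rootManagementMessage builds the bytes the electors sign. The layout (ASCII
// prefix, operation, Root CA certificate hash) is a constructed stand-in; the
// page does not give the real SCMS encoding.
func rootManagementMessage(op string, rootCertHash []byte) []byte {
	return append([]byte("SCMS-ROOT-MGMT:"+op+":"), rootCertHash...)
}

// distinctElectorEndorsements returns how many DISTINCT electors from the
// trust store produced a valid signature over msg. Keys outside the trust
// store, bad signatures and repeated signatures from one elector do not
// count, so the result can be compared directly against the quorum m.
func distinctElectorEndorsements(trustStore []ed25519.PublicKey, msg []byte, ends []Endorsement) int {
	seen := map[string]bool{}
	for _, e := range ends {
		for _, pk := range trustStore {
			if pk.Equal(e.Elector) && ed25519.Verify(pk, msg, e.Sig) {
				seen[string(pk)] = true
			}
		}
	}
	return len(seen)
}

func main() {
	const m = 2 // fixed quorum; three electors in every component's trust store
	store := make([]ed25519.PublicKey, 3)
	keys := make([]ed25519.PrivateKey, 3)
	for i := range store {
		store[i], keys[i], _ = ed25519.GenerateKey(rand.Reader)
	}
	msg := rootManagementMessage("revoke", []byte("constructed-root-ca-cert-hash"))
	sign := func(i int) Endorsement { return Endorsement{Elector: store[i], Sig: ed25519.Sign(keys[i], msg)} }
	dup := []Endorsement{sign(0), sign(0)} // one elector signing twice
	two := []Endorsement{sign(0), sign(2)} // two distinct electors
	fmt.Println(distinctElectorEndorsements(store, msg, dup) >= m, distinctElectorEndorsements(store, msg, two) >= m) // false true
}
```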

Assumptions

Requirements

Design

Summary Showing Trust Anchor Relationships Only

Typical SCMS Operations

Day 1: Typical SCMS System Operations

Scenario 1: Life Cycle of Elector (Level 0) Revocation and Replacement

Scenario 1, Day 2: Process to Revoke an Elector while Maintaining Functionality

Scenario 1, Day 3: System Functional for Period of Time with Two Root Endorsers

Scenario 1, Day 4: Introduction of Replacement Elector

Scenario 1, Day 5: Steady State Operations after the Introduction of Replacement Elector

Scenario 2: Life Cycle of Root CA (Level 1) Revocation and Replacement

Scenario 2, Day 2: Prepare New Root CA

Scenario 2, Day 3: Generate New Certificates for all SCMS Components & Distribute

Scenario 2, Day 4: Revoke Root CA

Scenario 2, Day 5: Condition of SCMS while Root CA is Revoked

Scenario 2, Day 6: EEs Updated with New Root Certificate, New Enrollment Certificate and New Pseudonym Certificates