In a PKI, certificate revocation is mainly about requester authentication and approval, not about using one mandatory communication method. The RA is responsible for verifying the applicant’s identity and the legitimacy of the revocation request, then submitting the validated request to the CA. After approval, the CA updates the certificate status, typically by publishing an updated CRL or providing status through OCSP, so relying parties can detect that the certificate is no longer trustworthy.
A “signed and encrypted email” is only one possible way to send a revocation request, but it is not required. In practice, organizations may accept revocation requests through a portal, ticketing system, dedicated PKI management interface, phone with pre-agreed authentication, or other controlled channels. If email is used, a digital signature can help prove the requester’s identity and protect integrity, while encryption is optional and depends on policy, because the key need is authorization, not confidentiality.
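The flow described above (authenticated request to the RA, approval, CA publishes a CRL, relying party checks status) as an added, constructed model in Python, not code from the original thread or from any real PKI product. It assumes a pre-shared secret per subscriber as a stand-in for whatever proof of identity the RA's policy requires, and a small owner table for authorization; the transport "channel" is recorded but deliberately plays no part in validation, and the relying-party check also refuses a CRL whose nextUpdate has passed.

```python
import hmac
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed demo data: each subscriber shares a secret with the RA (stand-in
# for a signing key or portal credential), and each serial has one owner.
SUBSCRIBER_SECRETS = {"alice": b"alice-preshared-secret", "bob": b"bob-preshared-secret"}
CERT_OWNER = {0x1001: "alice", 0x1002: "bob"}


def make_revocation_request(requester, serial, reason, channel, secret):
    """Build an authenticated revocation request. The MAC covers only the fields
    the RA must trust; the channel is metadata and is not authenticated."""
    body = {"requester": requester, "serial": serial, "reason": reason}
    canonical = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(secret, canonical, hashlib.sha256).hexdigest()
    return {"body": body, "auth": tag, "channel": channel}


class RegistrationAuthority:
    def validate(self, request):
        """Return (accepted, reason). Checks proof of identity and authorization
        for the named serial; the delivery channel is ignored on purpose."""
        body = request["body"]
        secret = SUBSCRIBER_SECRETS.get(body["requester"])
        if secret is None:
            return False, "unknown requester"
        canonical = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(secret, canonical, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, request["auth"]):
            return False, "authentication failed"
        if CERT_OWNER.get(body["serial"]) != body["requester"]:
            return False, "requester not authorised for this certificate"
        return True, "validated"


@dataclass
class CertificateAuthority:
    crl_lifetime: timedelta = timedelta(days=7)
    revoked: dict = field(default_factory=dict)  # serial -> (time, reason)

    def revoke(self, serial, reason, now):
        self.revoked[serial] = (now, reason)

    def publish_crl(self, now):
        # thisUpdate / nextUpdate mirror the CRL fields relying parties use for freshness
        return {"this_update": now, "next_update": now + self.crl_lifetime,
                "revoked": dict(self.revoked)}


def relying_party_check(serial, crl, now):
    """Status as a relying party derives it from a published CRL; a CRL past
    nextUpdate gives no answer rather than a false 'good'."""
    if now > crl["next_update"]:
        return "unknown (stale CRL)"
    return "revoked" if serial in crl["revoked"] else "good"


def run_demo():
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    ra, ca = RegistrationAuthority(), CertificateAuthority()
    results = {}
    # Owner revokes her own certificate through a portal.
    req = make_revocation_request("alice", 0x1001, "keyCompromise", "portal",
                                  SUBSCRIBER_SECRETS["alice"])
    ok, why = ra.validate(req)
    results["alice_portal"] = why
    if ok:
        ca.revoke(req["body"]["serial"], req["body"]["reason"], now)
    # Same content arriving as signed email: the channel changes nothing.
    req2 = make_revocation_request("alice", 0x1001, "keyCompromise", "email",
                                   SUBSCRIBER_SECRETS["alice"])
    results["alice_email"] = ra.validate(req2)[1]
    # Authenticated but unauthorised: Bob asks to revoke Alice's certificate.
    req3 = make_revocation_request("bob", 0x1001, "cessationOfOperation", "portal",
                                   SUBSCRIBER_SECRETS["bob"])
    results["bob_for_alice"] = ra.validate(req3)[1]
    # Unauthenticated: a request claiming to be Alice without her secret.
    req4 = make_revocation_request("alice", 0x1001, "keyCompromise", "email", b"wrong")
    results["forged"] = ra.validate(req4)[1]
    crl = ca.publish_crl(now)
    results["status_1001"] = relying_party_check(0x1001, crl, now + timedelta(days=1))
    results["status_1002"] = relying_party_check(0x1002, crl, now + timedelta(days=1))
    results["status_1001_stale"] = relying_party_check(0x1001, crl, now + timedelta(days=8))
    return results


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The two rejected requests show the distinction the post makes: one fails identity proof, the other passes it but fails authorization, and neither outcome depends on whether the request came by portal or email. The stale-CRL case is the relying-party caveat that goes with CRL publication: an expired CRL should be treated as "no status", not "not revoked".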