3.4.2.5 CRL Management

Among the procedures articulated by each PCA in its policy statement are procedures for the maintenance and distribution of CRLs by the PCA itself and by its subordinate CAs. The frequency of issue of CRLs may vary according to PCA-specific policy, but every PCA and CA must issue a CRL upon inception to provide a basis for uniform certificate validation procedures throughout the Internet hierarchy. The IPRA will maintain a CRL for all the PCAs it certifies and this CRL will be updated monthly. Each PCA will maintain a CRL for all of the CAs which it certifies and these CRLs will be updated in accordance with each PCA's policy. The format for these CRLs is that specified in Section 3.5.2 of the document.

In the absence of ubiquitous X.500 directory services, the IPRA will require each PCA to provide, for its users, robust database access to CRLs for the Internet hierarchy, i.e., the IPRA CRL, PCA CRLs, and CRLs from all CAs. The means by which this database is implemented is to be coordinated between the IPRA and PCAs. This database will be accessible via email as specified in RFC 1424, both for retrieval of (current) CRLs by any user, and for submission of new CRLs by CAs, PCAs and the IPRA. Individual PCAs also may elect to maintain CRL archives for their CAs, but this is not required by this policy.