Removal of expired DSC
ryanbnl opened this issue · 3 comments
How should we handle this?
For example:
Country XX has:
- CSCA (kid: AAAAA) with notBefore/notAfter of 2020-01-01 and 2024-12-31 respectively.
- DSC (kid: ABCDE) with notBefore/notAfter of 2022-01-01 and 2022-03-31 respectively.
The country has issued 200k DCC issued by ABCDE. These DSC are valid for a period of 12 months as per the guidelines for issuers.
On 2022-06-15 the key ABCDE is no longer valid - meaning that any DCC signed by it after 2022-03-31 are not valid. However the DCC issued by it during the validity period are valid, and will remain valid for some time.
Removing ABCDE from the gateway effectively revokes all of the DCC issued with it. That is not a desired outcome. However there has been some discussion/wish to somehow flag/handle these DSC separately from those which are currently valid.
The certificate governance document recommends that DSC has a validity period which will always exceed/match the validity of the DCC issued by it. The documentation is published in the certificate governance guide.
This issue has been opened to allow discussion to take place.
Can we agree that, in the described case, the country XX didn't follow the guidance?
The DSC should have a pkup valid from/to the 2022-01-01 and 2022-03-31 respectively and a certificate valid from/to the 2022-01-01 and 2023-03-31.
As a result, the issue would have to be dealt with by the country XX, republishing the associated DCCs with a new and correctly defined DSC.
Yes I totally agree - the country did not follow the guidance in that case.
In practice there is a second use-case for the DCC over and above travel - that of continuous care. By providing a statement on the holder's medical history, cryptographically signed by the Health Authority where the treatment occurred, it has value even after the nominal expiry. Specifically as part of the patient's history.
Although the DCC is not explicitly designed for this case, it will be, and in fact is being, used for that case.
For this scenario there is a need to keep the cryptographic materials after their nominal expiry date.
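
Added example, not part of the thread and not the project's code: a small model of the scenario above, comparing the DSC as issued by country XX with the DSC the first comment recommends (signing allowed until 2022-03-31, certificate valid until 2023-03-31). The `Dsc` class, the function names and the strict verifier policy (reject once the DSC certificate has expired) are assumptions made for illustration; the dates and the 12-month DCC lifetime come from the thread.

```python
import calendar
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Dsc:
    kid: str
    not_before: date  # certificate validity start
    not_after: date   # certificate validity end
    pkup_end: date    # last day the private key may sign (private key usage period)

def add_months(d: date, months: int) -> date:
    """Add calendar months, clamping the day to the length of the target month."""
    y, m = divmod(d.year * 12 + d.month - 1 + months, 12)
    return date(y, m + 1, min(d.day, calendar.monthrange(y, m + 1)[1]))

def covers_issued_dccs(dsc: Dsc, dcc_months: int = 12) -> bool:
    """Governance check: the certificate must outlive the last DCC the key can sign."""
    return dsc.not_after >= add_months(dsc.pkup_end, dcc_months)

def check_dcc(dsc: Dsc, issued_at: date, verify_on: date, dcc_months: int = 12) -> str:
    """Assumed strict verifier: signing time, DCC lifetime and DSC expiry are all checked."""
    if not (dsc.not_before <= issued_at <= dsc.pkup_end):
        return "reject: signed outside key usage period"
    if verify_on > add_months(issued_at, dcc_months):
        return "reject: DCC expired"
    if verify_on > dsc.not_after:
        return "reject: DSC expired"
    return "accept"

# Constructed from the dates in the thread.
AS_ISSUED = Dsc("ABCDE", date(2022, 1, 1), date(2022, 3, 31), date(2022, 3, 31))
RECOMMENDED = Dsc("ABCDE", date(2022, 1, 1), date(2023, 3, 31), date(2022, 3, 31))
VERIFY_ON = date(2022, 6, 15)

def scenario() -> dict:
    issued_in_period = date(2022, 2, 1)     # constructed sample issue date
    issued_after_pkup = date(2022, 4, 15)   # constructed sample issue date
    return {
        "as_issued_compliant": covers_issued_dccs(AS_ISSUED),
        "recommended_compliant": covers_issued_dccs(RECOMMENDED),
        "as_issued": check_dcc(AS_ISSUED, issued_in_period, VERIFY_ON),
        "recommended": check_dcc(RECOMMENDED, issued_in_period, VERIFY_ON),
        "late_signature": check_dcc(RECOMMENDED, issued_after_pkup, VERIFY_ON),
    }

if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```

Separating the signing window from the certificate lifetime keeps DCCs issued in the window verifiable on 2022-06-15 while still rejecting anything signed after 2022-03-31.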