Removal of expired DSC #21
Comments
|
Can we agree that, in the described case, the country XX didn't follow the guidance? As a result, the issue would have to be dealt with by the country XX, republishing the associated DCCs with a new and correctly defined DSC. |
|
Yes I totally agree - the country did not follow the guidance in that case. |
|
In practise there is a second use-case for the DCC over and above travel - that of continuous care. By providing a statement on the holder's medical history, cryptographically signed by the Health Authority where the treatment occurred it has value even after the nominal expiry. Specifically as part of the patient's history. Although the DCC is not explicitly designed for this case, it will and in fact is being used for that case. For this scenario there is a need to keep the cryptographic materials after their nominal expiry date. |
How should we handle this?
For example:
Country XX has:
AAAAA) withnotBefore/notAfterof 2020-01-01 and 2024-12-31 respectively.ABCDE) withnotBefore/notAfterof 2022-01-01 and 2022-03-31 respectively.The country has issued 200k DCC issued by
ABCDE. These DSC are valid for a period of 12 months as per the guidelines for issuers.On 2022-06-15 the key
ABCDEis no longer valid - meaning that any DCC signed by it after2022-03-31are not valid. However the DCC issued by it during the validity period are valid, and will remain valid for some time.Removing
ABCDEfrom the gateway effectively revokes all of the DCC issued with it. That is not a desired outcome. However there has been some discussion/wish to somehow flag/handle these DSC separately from those which are currently valid.The certificate governance document recommends that DSC has an validity period which will always exceed/match the validity of the DCC issued by it. The documentation is published in the certificate governance guide.
This issue has been opened to allow discussion to take place.
The text was updated successfully, but these errors were encountered: