OID: {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) crl(3) base-types(2) major-version-3(3) minor-version-2(2)} @note Section references in this file are to clauses in IEEE Std 1609.2 unless indicated otherwise. Full forms of acronyms and abbreviations used in this file are specified in 3.2.
The fields in this structure have the following meaning:
Fields:
version Uint8 (1)
is the version number of the CRL. For this version of this
standard it is 1.
crlSeries CrlSeries
represents the CRL series to which this CRL belongs. This
is used to determine whether the revocation information in a CRL is relevant
to a particular certificate as specified in 5.1.3.2.
crlCraca HashedId8
contains the low-order eight octets of the hash of the
certificate of the Certificate Revocation Authorization CA (CRACA) that
ultimately authorized the issuance of this CRL. This is used to determine
whether the revocation information in a CRL is relevant to a particular
certificate as specified in 5.1.3.2. In a valid signed CRL as specified in
7.4 the crlCraca is consistent with the associatedCraca field in the
Service Specific Permissions as defined in 7.4.3.3. The HashedId8 is
calculated with the whole-certificate hash algorithm, determined as
described in 6.4.3, applied to the COER-encoded certificate, canonicalized
as defined in the definition of Certificate.
issueDate Time32
specifies the time when the CRL was issued.
nextCrl Time32
contains the time when the next CRL with the same crlSeries
and cracaId is expected to be issued. The CRL is invalid unless nextCrl is
strictly after issueDate. This field is used to set the expected update time
for revocation information associated with the (crlCraca, crlSeries) pair as
specified in 5.1.3.6.
priorityInfo CrlPriorityInfo
contains information that assists devices with limited
storage space in determining which revocation information to retain and
which to discard.
typeSpecific TypeSpecificCrlContents
contains the CRL body.
CrlContents ::= SEQUENCE {version Uint8 (1),crlSeries CrlSeries,crlCraca HashedId8,issueDate Time32,nextCrl Time32,priorityInfo CrlPriorityInfo,typeSpecific TypeSpecificCrlContents}
This data structure contains information that assists devices with limited storage space in determining which revocation information to retain and which to discard.
@note This mechanism is for future use; details are not specified in this version of the standard.
Fields:
CrlPriorityInfo ::= SEQUENCE {priority Uint8 OPTIONAL,...}
This structure contains type-specific CRL contents.
@note It is the intent of this standard that once a certificate is revoked, it remains revoked for the rest of its lifetime. CRL signers are expected to include a revoked certificate on all CRLs issued between the certificate's revocation and its expiry.
@note Seed evolution function and linkage value generation function identification. In order to derive linkage values per the mechanisms given in 5.1.3.4, a receiver needs to know the seed evolution function and the linkage value generation function.
If the contents of this structure is a ToBeSignedLinkageValueCrlWithAlgIdentifier, then the seed evolution function and linkage value generation function are given explicitly as specified in the specification of ToBeSignedLinkageValueCrlWithAlgIdentifier.
If the contents of this structure is a ToBeSignedLinkageValueCrl, then the seed evolution function and linkage value generation function are obtained based on the crlCraca field in the CrlContents:
Fields:
fullHashCrl ToBeSignedHashIdCrl
contains a full hash-based CRL, i.e., a listing of the
hashes of all certificates that:
deltaHashCrl ToBeSignedHashIdCrl
contains a delta hash-based CRL, i.e., a listing of
the hashes of all certificates that:
fullLinkedCrl ToBeSignedLinkageValueCrl
and fullLinkedCrlWithAlg: contain a full linkage
ID-based CRL, i.e., a listing of the individual and/or group linkage data
for all certificates that:
deltaLinkedCrl ToBeSignedLinkageValueCrl
and deltaLinkedCrlWithAlg: contain a delta linkage
ID-based CRL, i.e., a listing of the individual and/or group linkage data
for all certificates that:
fullLinkedCrlWithAlg ToBeSignedLinkageValueCrlWithAlgIdentifier
deltaLinkedCrlWithAlg ToBeSignedLinkageValueCrlWithAlgIdentifier
TypeSpecificCrlContents ::= CHOICE {fullHashCrl ToBeSignedHashIdCrl,deltaHashCrl ToBeSignedHashIdCrl,fullLinkedCrl ToBeSignedLinkageValueCrl,deltaLinkedCrl ToBeSignedLinkageValueCrl,...,fullLinkedCrlWithAlg ToBeSignedLinkageValueCrlWithAlgIdentifier,deltaLinkedCrlWithAlg ToBeSignedLinkageValueCrlWithAlgIdentifier}
This data structure represents information about a revoked certificate.
@note To indicate that a hash-based CRL contains no individual revocation information items, the recommended approach is for the SEQUENCE OF in the SequenceOfHashBasedRevocationInfo in this field to indicate zero entries.
Fields:
crlSerial Uint32
is a counter that increments by 1 every time a new full
or delta CRL is issued for the indicated crlCraca and crlSeries values.
entries SequenceOfHashBasedRevocationInfo
contains the individual revocation information items.
ToBeSignedHashIdCrl ::= SEQUENCE {crlSerial Uint32,entries SequenceOfHashBasedRevocationInfo,...}
This type is used for clarity of definitions.
SequenceOfHashBasedRevocationInfo ::=SEQUENCE OF HashBasedRevocationInfo
In this structure:
Fields:
id HashedId10
is the HashedId10 identifying the revoked certificate. The
HashedId10 is calculated with the whole-certificate hash algorithm,
determined as described in 6.4.3, applied to the COER-encoded certificate,
canonicalized as defined in the definition of Certificate.
expiry Time32
is the value computed from the validity period's start and
duration values in that certificate.
HashBasedRevocationInfo ::= SEQUENCE {id HashedId10,expiry Time32,...}
In this structure:
@note To indicate that a linkage ID-based CRL contains no individual linkage data, the recommended approach is for the SEQUENCE OF in the SequenceOfJMaxGroup in this field to indicate zero entries.
@note To indicate that a linkage ID-based CRL contains no group linkage data, the recommended approach is for the SEQUENCE OF in the SequenceOfGroupCrlEntry in this field to indicate zero entries.
Fields:
iRev IValue
is the value iRev used in the algorithm given in 5.1.3.4. This
value applies to all linkage-based revocation information included within
either indvidual or groups.
indexWithinI Uint8
is a counter that is set to 0 for the first CRL issued
for the indicated combination of crlCraca, crlSeries, and iRev, and
increments by 1 every time a new full or delta CRL is issued for the
indicated crlCraca and crlSeries values without changing iRev.
individual SequenceOfJMaxGroup OPTIONAL
contains individual linkage data.
groups SequenceOfGroupCrlEntry OPTIONAL
contains group linkage data.
groupsSingleSeed SequenceOfGroupSingleSeedCrlEntry OPTIONAL
contains group linkage data generated with a single
seed.
ToBeSignedLinkageValueCrl ::= SEQUENCE {iRev IValue,indexWithinI Uint8,individual SequenceOfJMaxGroup OPTIONAL,groups SequenceOfGroupCrlEntry OPTIONAL,...,groupsSingleSeed SequenceOfGroupSingleSeedCrlEntry OPTIONAL} (WITH COMPONENTS {..., individual PRESENT} |WITH COMPONENTS {..., groups PRESENT} |WITH COMPONENTS {..., groupsSingleSeed PRESENT})
This type is used for clarity of definitions.
SequenceOfJMaxGroup ::= SEQUENCE OF JMaxGroup
In this structure:
Fields:
JMaxGroup ::= SEQUENCE {jmax Uint8,contents SequenceOfLAGroup,...}
This type is used for clarity of definitions.
SequenceOfLAGroup ::= SEQUENCE OF LAGroup
In this structure:
Fields:
la1Id LaId
is the value LinkageAuthorityIdentifier1 used in the
algorithm given in 5.1.3.4. This value applies to all linkage-based
revocation information included within contents.
la2Id LaId
is the value LinkageAuthorityIdentifier2 used in the
algorithm given in 5.1.3.4. This value applies to all linkage-based
revocation information included within contents.
contents SequenceOfIMaxGroup
contains individual linkage data.
LAGroup ::= SEQUENCE {la1Id LaId,la2Id LaId,contents SequenceOfIMaxGroup,...}
This type is used for clarity of definitions.
SequenceOfIMaxGroup ::= SEQUENCE OF IMaxGroup
In this structure:
Fields:
iMax Uint16
indicates that for the entries in contents, revocation
information need no longer be calculated once iCert > iMax as the holder
is known to have no more valid certs at that point. iMax is not directly
used in the calculation of the linkage values, it is used to determine
when revocation information can safely be deleted.
contents SequenceOfIndividualRevocation
contains individual linkage data for certificates that are
revoked using two seeds, per the algorithm given in per the mechanisms
given in 5.1.3.4 and with seedEvolutionFunctionIdentifier and
linkageValueGenerationFunctionIdentifier obtained as specified in 7.3.3.
singleSeed SequenceOfLinkageSeed OPTIONAL
contains individual linkage data for certificates that
are revoked using a single seed, per the algorithm given in per the
mechanisms given in 5.1.3.4 and with seedEvolutionFunctionIdentifier and
linkageValueGenerationFunctionIdentifier obtained as specified in 7.3.3.
IMaxGroup ::= SEQUENCE {iMax Uint16,contents SequenceOfIndividualRevocation,...,singleSeed SequenceOfLinkageSeed OPTIONAL}
This type is used for clarity of definitions.
SequenceOfIndividualRevocation ::=SEQUENCE (SIZE(0..MAX)) OF IndividualRevocation
In this structure:
Fields:
linkageSeed1 LinkageSeed
is the value LinkageSeed1 used in the algorithm given
in 5.1.3.4.
linkageSeed2 LinkageSeed
is the value LinkageSeed2 used in the algorithm given
in 5.1.3.4.
IndividualRevocation ::= SEQUENCE {linkageSeed1 LinkageSeed,linkageSeed2 LinkageSeed,...}
This type is used for clarity of definitions.
SequenceOfGroupCrlEntry ::= SEQUENCE OF GroupCrlEntry
In this structure:
Fields:
iMax Uint16
indicates that for these certificates, revocation information
need no longer be calculated once iCert > iMax as the holders are known
to have no more valid certs for that (crlCraca, crlSeries) at that point.
la1Id LaId
is the value LinkageAuthorityIdentifier1 used in the
algorithm given in 5.1.3.4. This value applies to all linkage-based
revocation information included within contents.
linkageSeed1 LinkageSeed
is the value LinkageSeed1 used in the algorithm given
in 5.1.3.4.
la2Id LaId
is the value LinkageAuthorityIdentifier2 used in the
algorithm given in 5.1.3.4. This value applies to all linkage-based
revocation information included within contents.
linkageSeed2 LinkageSeed
is the value LinkageSeed2 used in the algorithm given
in 5.1.3.4.
GroupCrlEntry ::= SEQUENCE {iMax Uint16,la1Id LaId,linkageSeed1 LinkageSeed,la2Id LaId,linkageSeed2 LinkageSeed,...}
In this structure:
Fields:
iRev IValue
is the value iRev used in the algorithm given in 5.1.3.4. This
value applies to all linkage-based revocation information included within
either indvidual or groups.
indexWithinI Uint8
is a counter that is set to 0 for the first CRL issued
for the indicated combination of crlCraca, crlSeries, and iRev, and increments by 1 every time a new full or delta CRL is issued for the indicated crlCraca and crlSeries values without changing iRev.
seedEvolution SeedEvolutionFunctionIdentifier
contains an identifier for the seed evolution
function, used as specified in 5.1.3.4.
lvGeneration LvGenerationFunctionIdentifier
contains an identifier for the linkage value
generation function, used as specified in 5.1.3.4.
individual SequenceOfJMaxGroup OPTIONAL
contains individual linkage data.
groups SequenceOfGroupCrlEntry OPTIONAL
contains group linkage data for linkage value generation
with two seeds.
groupsSingleSeed SequenceOfGroupSingleSeedCrlEntry OPTIONAL
contains group linkage data for linkage value
generation with one seed.
ToBeSignedLinkageValueCrlWithAlgIdentifier ::= SEQUENCE {iRev IValue,indexWithinI Uint8,seedEvolution SeedEvolutionFunctionIdentifier,lvGeneration LvGenerationFunctionIdentifier,individual SequenceOfJMaxGroup OPTIONAL,groups SequenceOfGroupCrlEntry OPTIONAL,groupsSingleSeed SequenceOfGroupSingleSeedCrlEntry OPTIONAL,...} (WITH COMPONENTS {..., individual PRESENT} |WITH COMPONENTS {..., groups PRESENT} |WITH COMPONENTS {..., groupsSingleSeed PRESENT})
This type is used for clarity of definitions.
SequenceOfGroupSingleSeedCrlEntry ::=SEQUENCE OF GroupSingleSeedCrlEntry
This structure contains the linkage seed for group revocation with a single seed. The seed is used as specified in the algorithms in 5.1.3.4.
Fields:
GroupSingleSeedCrlEntry ::= SEQUENCE {iMax Uint16,laId LaId,linkageSeed LinkageSeed}
This structure contains an identifier for the algorithms specified in 5.1.3.4.
ExpansionAlgorithmIdentifier ::= ENUMERATED {sha256ForI-aesForJ,sm3ForI-sm4ForJ,...}
This is the identifier for the seed evolution function. See 5.1.3 for details of use.
SeedEvolutionFunctionIdentifier ::= NULL
This is the identifier for the linkage value generation function. See 5.1.3 for details of use.
LvGenerationFunctionIdentifier ::= NULL