574 Chapter 10 • Public Key Infrastructure
EXAM WARNING
Make sure you understand how a certificate policy differs from a CPS.
Revocation
Certificates are revoked when the information contained in the certificate is no
longer considered valid or trusted. This can happen when a company changes
Internet Service Providers (ISPs), moves to a new physical address, or the contact
listed on the certificate has changed – anything that makes the certificate’s
information no longer reliable from that point forward.
NOTE
Information that has already been encrypted using the public key in a
certificate that is later revoked is not necessarily invalid, just as the
checks you signed last month are not voided by your reporting the theft
of your driver’s license this week.
In an organization that has implemented its own PKI, a certificate owner may
have their certificate revoked upon terminating employment. The most important
reason to revoke a certificate is if the private key has been compromised in any
way. If a key has been compromised, its certificate should be revoked immediately.
EXAM WARNING
Certificate expiration is different from certificate revocation. A certificate
is considered revoked if it is terminated prior to the end date of
the certificate.
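The following is an added illustration, not code from the book: a simplified in-memory model (the `Cert` and `CrlEntry` classes, the helper `day`, and all sample dates are constructed; no real X.509 parsing is done) of the difference between expiration and revocation, and of why earlier use of a later-revoked certificate is "not necessarily" invalid. It goes slightly beyond the text by modelling the Invalidity Date CRL entry extension from RFC 5280, which records when a key is suspected to have been compromised.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Cert:                      # simplified stand-in for an X.509 certificate
    serial: int
    not_before: datetime
    not_after: datetime          # the certificate's end date

@dataclass(frozen=True)
class CrlEntry:                  # simplified stand-in for one CRL entry
    revoked_at: datetime
    reason: str
    invalidity_date: Optional[datetime] = None  # suspected compromise time

def status_at(cert, crl, when):
    """Classify the certificate at instant `when`; `crl` maps serial -> CrlEntry."""
    if when < cert.not_before:
        return "not_yet_valid"
    entry = crl.get(cert.serial)
    if entry is not None and when >= entry.revoked_at:
        return "revoked"         # terminated early by the CA
    if when > cert.not_after:
        return "expired"         # simply reached its end date
    return "valid"

def past_use_trusted(cert, crl, used_at):
    """Was a use of the key at `used_at` (assumed to be a trustworthy timestamp)
    made while the certificate could still be relied on?"""
    if not (cert.not_before <= used_at <= cert.not_after):
        return False
    entry = crl.get(cert.serial)
    if entry is None:
        return True
    # For a compromised key, distrust starts at the suspected compromise time,
    # which can be earlier than the moment the CA processed the revocation.
    cutoff = entry.invalidity_date or entry.revoked_at
    return used_at < cutoff

# Constructed sample data (not from the book).
def day(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

CERT = Cert(1001, day(2024, 1, 1), day(2025, 1, 1))
CRL_COMPROMISE = {1001: CrlEntry(day(2024, 6, 10), "keyCompromise", day(2024, 6, 1))}
CRL_LEFT_COMPANY = {1001: CrlEntry(day(2024, 6, 10), "affiliationChanged")}

if __name__ == "__main__":
    for when in (day(2024, 5, 1), day(2024, 7, 1)):
        print(when.date(), status_at(CERT, CRL_COMPROMISE, when))
```

A use dated between the suspected compromise and the revocation is rejected in the key-compromise case but accepted when the revocation reason is only a change of affiliation.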
Along with notifying the CA of the need to revoke a certificate, it is equally
important to notify all certificate users of the date that the certificate will no
longer be valid. After notifying users and the CA, the CA is responsible for
changing the status of the certificate and notifying users that it has been revoked. If
www.syngress.com