CRL: Certificate Revocation Lists in the EUDI Wallet Trust Framework

Last updated: 2/9/2026. Reading time: 4 min

Full Name: Certificate Revocation List

Definition

A Certificate Revocation List (CRL) is a digitally signed data structure published by a Certificate Authority (CA) that contains a list of certificates the CA has revoked before their scheduled expiration date. Each entry includes the certificate serial number and the revocation date. CRLs are a fundamental component of the Public Key Infrastructure (PKI) that underpins the EUDI Wallet trust framework, enabling wallets and verifiers to detect and reject credentials signed by compromised or invalidated certificates.

How CRLs Work in the PKI Chain

Every certificate issued by a CA includes a CRL Distribution Point (CDP) extension that specifies the URL where the CA publishes its CRL. When an entity needs to verify a certificate, it downloads the CRL from this URL, checks the CA signature on the CRL to ensure authenticity, and looks up the certificate serial number. If the serial number appears in the CRL, the certificate is revoked and must not be trusted.

CRLs include two critical timestamps: thisUpdate (when the CRL was published) and nextUpdate (when the next CRL will be published). Relying parties cache the CRL and consider it valid until the nextUpdate time, reducing the need for frequent downloads. Delta CRLs are incremental updates that contain only certificates revoked since the last full CRL, reducing bandwidth for environments with high revocation volumes.

CRL entries can include reason codes explaining why the certificate was revoked: key compromise, CA compromise, affiliation changed, superseded, cessation of operation, or certificate hold (temporary suspension). In the EUDI context, these reason codes help operators understand and respond to revocation events appropriately.

CRLs in the EUDI Wallet Ecosystem

The EUDI Wallet ecosystem uses CRLs at multiple levels of the trust chain:

  • Issuer certificate revocation: If a credential issuer's signing certificate is compromised, the CA adds it to the CRL. All credentials signed with that certificate are then effectively invalidated during verification.
  • Wallet provider certificate revocation: If a wallet implementation is found to have security vulnerabilities, the wallet provider certificate can be revoked, flagging the wallet as untrusted.
  • Relying party certificate revocation: If a verifier's authorization is withdrawn, their certificate is revoked so wallets can identify them as untrusted.

Note that CRLs handle certificate-level revocation. Individual credential revocation (e.g., revoking a specific person's driving license) uses different mechanisms like Status Lists (bitstring-based revocation) or Token Status Lists, which are separate from the PKI CRL system.

Offline Verification and CRL Caching

One of the key advantages of CRLs over OCSP is support for offline verification. In scenarios like border checkpoints in remote areas, public transport ticket validation, or in-store age verification, network connectivity may be limited or unavailable. Verifiers can pre-download CRLs and cache them for offline use.

The trade-off is freshness: a cached CRL may not reflect very recent revocations. The EUDI framework addresses this by defining maximum acceptable CRL age for different assurance levels. High-assurance scenarios (border control, financial services) may require CRLs no older than a few hours, while lower-assurance scenarios (retail age verification) may accept CRLs up to 24 hours old. CDNs distribute CRLs across Europe to ensure fast, reliable access from any location.
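As an added example (not code from the original page or from any EUDI project), the relying-party steps described under "How CRLs Work" and the assurance-level age limits from this section, implemented with Python's `cryptography` library: a constructed demo CA, an issuer signing certificate, a CRL that revokes it with a reason code, and a check that verifies the CA signature on the CRL, enforces nextUpdate plus a maximum cached age, then looks up the serial number. The 4-hour and 24-hour limits, the names and the serial numbers are assumptions.

```python
import datetime as dt
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

MAX_CRL_AGE = {"high": dt.timedelta(hours=4), "low": dt.timedelta(hours=24)}  # assumed policy values
def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_ca(now):
    """Self-signed demo CA (constructed for this example)."""
    key = ec.generate_private_key(ec.SECP256R1())
    cert = (x509.CertificateBuilder().subject_name(_name("Demo CA")).issuer_name(_name("Demo CA"))
            .public_key(key.public_key()).serial_number(1).not_valid_before(now)
            .not_valid_after(now + dt.timedelta(days=365)).sign(key, hashes.SHA256()))
    return key, cert

def issue_cert(ca_key, ca_cert, cn, serial, now):
    """End-entity certificate from the demo CA, e.g. a credential issuer's signing certificate."""
    key = ec.generate_private_key(ec.SECP256R1())
    return (x509.CertificateBuilder().subject_name(_name(cn)).issuer_name(ca_cert.subject)
            .public_key(key.public_key()).serial_number(serial).not_valid_before(now)
            .not_valid_after(now + dt.timedelta(days=30)).sign(ca_key, hashes.SHA256()))

def publish_crl(ca_key, ca_cert, revoked, now, validity=dt.timedelta(hours=12)):
    """Sign a CRL with thisUpdate=now, nextUpdate=now+validity; `revoked` maps serial -> ReasonFlags."""
    b = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
         .last_update(now).next_update(now + validity))
    for serial, reason in revoked.items():
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder().serial_number(serial)
            .revocation_date(now).add_extension(x509.CRLReason(reason), critical=False).build())
    return b.sign(ca_key, hashes.SHA256())

def _t(crl, field):  # thisUpdate/nextUpdate as aware UTC; cryptography>=42 exposes *_utc accessors
    return getattr(crl, field + "_utc", None) or getattr(crl, field).replace(tzinfo=dt.timezone.utc)

def check_revocation(cert, crl, ca_cert, now, assurance):
    """Relying-party steps from the text: CA signature, freshness, serial lookup. Returns (status, detail)."""
    if not crl.is_signature_valid(ca_cert.public_key()):
        return "reject", "CRL signature invalid"
    if crl.issuer != cert.issuer:
        return "reject", "CRL issuer does not match certificate issuer"
    if now > _t(crl, "next_update"):  # past nextUpdate: the cached CRL can no longer be relied on
        return "reject", "CRL past nextUpdate"
    if now - _t(crl, "last_update") > MAX_CRL_AGE[assurance]:  # cached copy too old for this level
        return "reject", "CRL too old for assurance level"
    entry = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    if entry is None:
        return "good", None
    try:  # the reason code extension is optional in real CRLs
        reason = entry.extensions.get_extension_for_class(x509.CRLReason).value.reason.name
    except x509.ExtensionNotFound:
        reason = "unspecified"
    return "revoked", reason
```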

Sources

Information verified against official sources (2/16/2026)
