§ 19.34.260. Revocation of certificate -- Confirmation -- Notice -- Release from security duty -- Discharge of warranties
(1) A licensed certification authority must revoke a certificate that it issued but which is not a transactional certificate, after:
(a) Receiving a request for revocation by the subscriber named in the certificate; and
(b) Confirming that the person requesting revocation is the subscriber, or is an agent of the subscriber with authority to request the revocation.
(2) A licensed certification authority must confirm a request for revocation and revoke a certificate within one business day after receiving both a subscriber's written request and evidence reasonably sufficient to confirm the identity and any agency of the person requesting the revocation.
(3) A licensed certification authority must revoke a certificate that it issued:
(a) Upon receiving a certified copy of the subscriber's death certificate, or upon confirming by other evidence that the subscriber is dead; or
(b) Upon presentation of documents effecting a dissolution of the subscriber, or upon confirming by other evidence that the subscriber has been dissolved or has ceased to exist, except that if the subscriber is dissolved and is reinstated or restored before revocation is completed, the certification authority is not required to revoke the certificate.
(4) A licensed certification authority may revoke one or more certificates that it issued if the certificates are or become unreliable, regardless of whether the subscriber consents to the revocation and notwithstanding a provision to the contrary in a contract between the subscriber and certification authority.
(5) Immediately upon revocation of a certificate by a licensed certification authority, the licensed certification authority must give notice of the revocation according to the specification in the certificate. If one or more repositories are specified, then the licensed certification authority must publish a signed notice of the revocation in all repositories. If a repository no longer exists or refuses to accept publication, or if no repository is recognized under RCW 19.34.400, then the licensed certification authority must also publish the notice in a recognized repository.
(6) A subscriber ceases to certify, as provided in RCW 19.34.230, and has no further duty to keep the private key secure, as required by RCW 19.34.240, in relation to the certificate whose revocation the subscriber has requested, beginning at the earlier of either:
(a) When notice of the revocation is published as required in subsection (5) of this section; or
(b) One business day after the subscriber requests revocation in writing, supplies to the issuing certification authority information reasonably sufficient to confirm the request, and pays any contractually required fee.
(7) Upon notification as required by subsection (5) of this section, a licensed certification authority is discharged of its warranties based on issuance of the revoked certificate, as to transactions occurring after the notification, and ceases to certify as provided in RCW 19.34.220 (2) and (3) in relation to the revoked certificate.
[1997 c 27 § 13; 1996 c 250 § 307.]
Notes:
Effective date -- Severability -- 1997 c 27: See notes following RCW 19.34.030.
Sections: Previous 19.34.200 19.34.210 19.34.220 19.34.230 19.34.231 19.34.240 19.34.250 19.34.260 19.34.270 19.34.280 19.34.290 19.34.291 19.34.300 19.34.305 19.34.310 Next
Last modified: April 7, 2009