325K.14 Suspension of certificate.
Subdivision 1. Suspension for 48 hours. Unless the certification authority and the subscriber agree otherwise, the licensed certification authority that issued a certificate that is not a transactional certificate must suspend the certificate for a period not to exceed 48 hours:
(1) upon request by a person identifying himself or herself as the subscriber named in the certificate, or as a person in a position likely to know of a compromise of the security of a subscriber's private key, such as an agent, business associate, employee, or member of the immediate family of the subscriber; or
(2) by order of the secretary under section 325K.10.
The certification authority need not confirm the identity or agency of the person requesting suspension.
Subd. 2. Suspension for 48 hours; other causes. (a) Unless the certificate provides otherwise or the certificate is a transactional certificate, the secretary or a county clerk may suspend a certificate issued by a licensed certification authority for a period of 48 hours, if:
(1) a person identifying himself or herself as the subscriber named in the certificate or as an agent, business associate, employee, or member of the immediate family of the subscriber requests suspension; and
(2) the requester represents that the certification authority that issued the certificate is unavailable.
(b) The secretary or county clerk may require the person requesting suspension to provide evidence, including a statement under oath or affirmation, regarding the requester's identity, authorization, or the unavailability of the issuing certification authority, and may decline to suspend the certificate in its discretion. The secretary or law enforcement agencies may investigate suspensions by the secretary or county clerk for possible wrongdoing by persons requesting suspension.
Subd. 3. Notice of suspension. Immediately upon suspension of a certificate by a licensed certification authority, the licensed certification authority shall give notice of the suspension according to the specification in the certificate. If one or more repositories are specified, then the licensed certification authority must publish a signed notice of the suspension in all the repositories. If a repository no longer exists or refuses to accept publication, or if no repository is recognized under section 325K.25, the licensed certification authority must also publish the notice in a recognized repository. If a certificate is suspended by the secretary or county clerk, the secretary or clerk must give notice as required in this subdivision for a licensed certification authority, provided that the person requesting suspension pays in advance any fee required by a repository for publication of the notice of suspension.
Subd. 4. Terminating suspension. A certification authority must terminate a suspension initiated by request only:
(1) if the subscriber named in the suspended certificate requests termination of the suspension and the certification authority has confirmed that the person requesting suspension is the subscriber or an agent of the subscriber authorized to terminate the suspension; or
(2) when the certification authority discovers and confirms that the request for the suspension was made without authorization by the subscriber. However, this clause does not require the certification authority to confirm a request for suspension.
Subd. 5. Contract limitation or preclusion. The contract between a subscriber and a licensed certification authority may limit or preclude requested suspension by the certification authority, or may provide otherwise for termination of a requested suspension. However, if the contract limits or precludes suspension by the secretary or county clerk when the issuing certification authority is unavailable, the limitation or preclusion is effective only if notice of it is published in the certificate.
Subd. 6. Misrepresentation. No person may knowingly or intentionally misrepresent to a certification authority the person's identity or authorization in requesting suspension of a certificate. Violation of this subdivision is a misdemeanor.
Subd. 7. Effect on subscriber. The subscriber is released from the duty to keep the private key secure under section 325K.13, subdivision 1, while the certificate is suspended.
HIST: 1997 c 178 s 15
Official Publication of the State of Minnesota
Revisor of Statutes