Certificate Agility Issues

- Implicit assumption that certificate status mechanisms use consistent cryptography
  - This precludes transitioning to new algorithms
- No direct support for multi-alg status mechanisms
  - If two CRLs are available, client has to download both and parse the CRLs in turn until one with an acceptable signature alg is found
  - If multiple OCSP servers are available, client doesn’t know which to contact
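The two-CRL case above, worked through as an added example (not part of the original slides): a client that accepts only sha256WithRSAEncryption has to fetch and parse each CRL to learn its signature algorithm, and discards whatever it downloaded first. The URLs, the helper names and the CRL bytes are constructed for illustration; the CRLs are unsigned skeletons.

```python
def read_tlv(buf, pos):  # returns (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0  # valid when the first arc is 0 or 1
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def crl_signature_oid(der):  # outer signatureAlgorithm OID of a CertificateList (RFC 5280)
    _, start, _ = read_tlv(der, 0)             # CertificateList SEQUENCE
    _, _, tbs_end = read_tlv(der, start)       # skip tbsCertList
    _, alg_start, _ = read_tlv(der, tbs_end)   # signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(der[oid_start:oid_end])

def select_crl(urls, fetch, acceptable):
    """Try CRLs in listed order; return (url, oid, bytes fetched and discarded)."""
    wasted = 0
    for url in urls:
        der = fetch(url)  # the algorithm is only visible after the download
        try:
            oid = crl_signature_oid(der)
        except (ValueError, IndexError):
            oid = None  # malformed CRL: treat as unusable and move on
        if oid in acceptable:
            return url, oid, wasted  # the signature itself must still be verified
        wasted += len(der)
    return None, None, wasted

def fake_crl(oid_hex):
    tlv = lambda tag, body: bytes([tag, len(body)]) + body  # short-form lengths only
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    return tlv(0x30, tlv(0x30, b"\x02\x01\x01" + alg) + alg + tlv(0x03, bytes(65)))

# Constructed sample: hypothetical URLs; sha1WithRSA first, sha256WithRSA second.
SAMPLE = {"http://crl.example/sha1.crl": fake_crl("2a864886f70d010105"),
          "http://crl.example/sha256.crl": fake_crl("2a864886f70d01010b")}
```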