Revocation Propagation Evaluation
by Nick Clark | Published April 25, 2026
Credential revocations propagate through the mesh; health monitoring evaluates the propagation completeness and identifies revocation gaps.
What It Specifies
Revocations enter as credentialed events: revoking authority, revoked credential, revocation reason, revocation timestamp. The architecture propagates the revocation; monitoring evaluates whether the propagation reached all relevant endpoints.
Propagation gaps surface as monitoring events. Endpoints that have not received the revocation, endpoints with stale credential caches, and endpoints with revocation-evaluation failures all enter the architecture as credentialed events.
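The gap identification described above can be sketched as follows. This is an added example, not part of the architecture's own specification: the `EndpointReport` fields, the gap labels, and the rule that a cache is stale when it was last rebuilt before the revocation arrived are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Revocation:            # the four fields the page lists
    authority: str
    credential: str
    reason: str
    timestamp: int           # epoch seconds

@dataclass(frozen=True)
class EndpointReport:        # hypothetical per-endpoint status report
    endpoint: str
    received_at: Optional[int]    # None: revocation never arrived
    cache_refreshed_at: int       # last credential-cache rebuild
    evaluation_ok: bool           # revocation check ran without error

def classify_gap(report: Optional[EndpointReport]) -> Optional[str]:
    """Return the gap type for one endpoint, or None if propagation is complete."""
    if report is None or report.received_at is None:
        return "not_received"
    if not report.evaluation_ok:
        return "evaluation_failure"
    if report.cache_refreshed_at < report.received_at:
        return "stale_cache"      # assumed rule: cache predates the arrival
    return None

def evaluate_propagation(rev, relevant, reports):
    """Compare reports against the endpoints that must honour the revocation."""
    by_endpoint = {r.endpoint: r for r in reports}
    gaps = []
    for ep in sorted(relevant):
        gap = classify_gap(by_endpoint.get(ep))
        if gap:
            gaps.append({"credential": rev.credential, "endpoint": ep, "gap": gap})
    done = len(relevant) - len(gaps)
    return {"completeness": done / len(relevant) if relevant else 1.0, "gaps": gaps}

# Constructed sample data, not taken from any real deployment.
REV = Revocation("authority-a", "cred-123", "key compromise", 1_000)
RELEVANT = {"ep-1", "ep-2", "ep-3", "ep-4", "ep-5"}
REPORTS = [
    EndpointReport("ep-1", 1_005, 1_006, True),    # complete
    EndpointReport("ep-2", None, 900, True),       # never received
    EndpointReport("ep-3", 1_010, 950, True),      # stale cache
    EndpointReport("ep-4", 1_004, 1_004, False),   # evaluation failure
]                                                  # ep-5 sent no report

if __name__ == "__main__":
    print(evaluate_propagation(REV, RELEVANT, REPORTS))
```

An endpoint that is relevant but sends no report at all is treated as not having received the revocation, so silence counts as a gap rather than as success.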
Why It Matters Structurally
Revocation without propagation evaluation leaves architectural risk: stale credentials may continue to admit operations after revocation. The architecture must therefore evaluate propagation structurally.
Propagation evaluation produces structural defense. The architecture surfaces propagation gaps; affected endpoints can be flagged or refreshed structurally.
How It Composes With Mesh Operation
The architecture defines the propagation-evaluation primitives, the gap-identification algorithms, and the event recording. Implementations apply the architecture; monitoring operations proceed within the framework.
Propagation composes with other features. Cross-jurisdictional revocation propagation, byzantine-robust propagation under contested revocation, and dispute mechanisms for revocation disputes all build on the propagation primitive.
What This Enables
Defense credential management gains structurally supported revocation. Civilian critical-infrastructure credential management gains the same.
The architecture also supports propagation evolution. As revocation patterns mature, propagation protocols update through governance procedures.