pem-dev

Re: Revocation time

1992-02-11 08:16:00
I vote for HAVE been revoked rather than some date in the future.
Besides the normal arguments for simplicity and compliance, I thought
about the following...

It appears that the intent is to close the window by putting Certs on
the current list which are going to be revoked before the next regular
issuance of a CRL.  I can't think of a case when one might do this
as a practical matter.  

One side of the coin is: Wouldn't it be a feature to allow an issuer
to notify certificate users in advance that certain certificates
are going to be revoked thereby protecting those users from depending
on timely receipt of a CRL?

On the other side: When would an issuer want to notify a
subject in advance that they are going to have their certificate
revoked? (i.e. what risks are involved and are they worth it?)

(Some strawpersons)
University student certificates will most likely have expiration 
dates which reflect the significant dates of the school year...
CRLs will probably be issued periodically to mirror these dates.

Corporate managers may not have fixed dates for all their employees
but may adopt some structures revolving around the corporate
fiscal year.  I thought that perhaps they could want to pre-publish 
certificates which are going to be revoked prior to a layoff, 
but that would violate the secrecy normally surrounding such events ...

Havin' fun,

John Lowry
