Christian,
If we really want to get into the issues of very strong assurance,
the discussion needs to take into account the possibility that the
private key has been compromised but the compromise has not been
discovered yet. No combination of CRLs and/or online interaction with
the CA will provide any help.
Suppose your key has been compromised but neither you nor your CA know
that it's been compromised. I get a message purportedly signed by
you. I check the CRLs and don't see a revocation. I wait until the
next CRL is issued and it's still not listed. I contact your CAD and
am told everything is ok. Even if I try to talk "directly" to you,
unless I use an out of band means to communicate, I don't have any way
of knowing that I'm in fact talking to you and not to someone who has
your key.
Therefore, this thread is limited to gaining more assurance that the
information known by CA is acquired by the receiver. This is useful,
but it's not enough to provide airtight assurance that the message is
not a forgery.
Steve