A revocation request needs to be authenticated, unless the DutchGrid medium-security Certification Authority can independently verify that a key compromise has happened. Authentication can be by the procedure described in section 3.1, or via a digitally signed message with a non-expired and non previously revoked certificate issued under this policy, regardless of the CP/CPS version.