Re-registering a revoked client
When a certificate is revoked, the compromised key is discarded. However, the client can rejoin the network in two ways:
- In an authenticating environment, a client that can access only authenticating relays must use the manual exchange method if automatic key exchange did not previously take place.
- In an open (non-authenticating) environment, the client can re-register itself with a non-authenticating relay.
In all cases, the computer gets a fresh certificate and a new computer ID.
Important: In an authenticating environment, if the client can access a non-authenticating relay or server, the client can exchange keys and re-register automatically even if it was explicitly revoked.