Everything I described can be done programmatically. I've written the code to do it.

But anyways, as mcpherrinm reminded me, certificates will still have the CRL Distribution Point extension so you can forget what I said about the CCADB and just do what the RFCs say.