PKIs, if any, are not useful for authentication on consumable credentials. The only merit of PK with CA over shared key with KDC is that no communication with CAs is necessary for every transaction. However, it means that there is no entity to check the amount of remaining credential. So, if an attacker has a certificate to be used for 1,000 USD of transactions, the attacker can use the certificate for 1,000 seconds, 1,000 times a second, from 1,000 different locations, the total damage of which is 1,000,000,000,000 USD for the personal benefit of the attacker or for economic terrorism to ruin the worldwide economy.
It should be noted that CRLs are, because of obvious operational issues, expected to be updated weekly or monthly and are quite unlikely to be updated hourly; even in that case, CRLs cannot prevent the attacks mentioned above.
Masataka Ohta
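
The argument in the message above, as an added example that is not part of the original post: verifiers that only check a signature and a local CRL copy each accept the full amount, while a party contacted on every transaction caps the total at the certificate's limit. Assumptions: the names `issue`, `OfflineVerifier`, `OnlineLedger` and the serial `demo-001` are hypothetical, an HMAC stands in for a real CA signature, and the scale is reduced to 5 locations with 3 uses each.

```python
import hashlib
import hmac

CA_KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a CA signature

def _sign(serial, limit):
    return hmac.new(CA_KEY, f"{serial}:{limit}".encode(), hashlib.sha256).hexdigest()

def issue(serial, limit):
    """Issue a credential that authorizes `limit` USD in total."""
    return {"serial": serial, "limit": limit, "sig": _sign(serial, limit)}

def cert_valid(cert, crl):
    good = _sign(cert["serial"], cert["limit"])
    return hmac.compare_digest(good, cert["sig"]) and cert["serial"] not in crl

class OfflineVerifier:
    """Checks the signature and a local CRL snapshot; shares no state with others."""
    def __init__(self, crl_snapshot):
        self.crl = set(crl_snapshot)

    def accept(self, cert, amount):
        return cert_valid(cert, self.crl) and amount <= cert["limit"]

class OnlineLedger:
    """KDC-like party contacted per transaction; tracks the amount already used."""
    def __init__(self):
        self.spent = {}

    def accept(self, cert, amount):
        used = self.spent.get(cert["serial"], 0)
        if not cert_valid(cert, set()) or used + amount > cert["limit"]:
            return False
        self.spent[cert["serial"]] = used + amount
        return True

def total_accepted(verifiers, cert, amount, uses_per_verifier):
    """Present the same credential repeatedly at every verifier; sum what is accepted."""
    return sum(amount for v in verifiers for _ in range(uses_per_verifier)
               if v.accept(cert, amount))

def demo():
    cert = issue("demo-001", 1000)
    offline = [OfflineVerifier(crl_snapshot=[]) for _ in range(5)]
    ledger = OnlineLedger()  # one shared ledger behind all 5 locations
    return (total_accepted(offline, cert, 1000, 3),
            total_accepted([ledger] * 5, cert, 1000, 3))

if __name__ == "__main__":
    print(demo())
```

A revoked serial is rejected only by verifiers whose CRL snapshot already lists it, so the exposure window is as long as the CRL update interval.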