A user, Alice, can doubly encrypt a message to another user, Bob, using Bob's public key and Bob's identity.
This means that Bob cannot decrypt it without a currently valid certificate, and that the CA cannot decrypt the message because it does not hold Bob's private key (i.e. there is no implicit key escrow as in identity-based cryptography: because of the double encryption, the CA cannot decrypt using only the information it has).
Key revocation can be added to the system by requiring a new certificate to be issued frequently (daily or hourly, depending on the level of security required). Because the certificate is public information, it does not need to be transmitted over a secret channel. The downside is the requirement for regular communication between users and the CA, which makes the CA more exposed to electronic attacks such as denial-of-service attacks, and such attacks could effectively stop the system from working. This risk can be partially, but not completely, reduced by using a hierarchy of multiple CAs.
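The following is an added illustration of the two-layer idea described above; it is not code from the article and it is not Gentry's pairing-based construction. Both layers use Cocks' quadratic-residuosity identity-based encryption as a stand-in: the CA holds the factorisation of its modulus and can derive the private key for any label, so the "certificate" for Bob in a given period is simply the Cocks private key for the label binding Bob's name, Bob's own public key and the period. Bob's long-term key pair is a second, independent Cocks instance under Bob's own modulus. The message is encrypted bit by bit under Bob's own key, and the resulting ciphertext is encrypted again, bit by bit, under the CA's modulus and Bob's identity label. The label format, the `"self"` label for Bob's own key and the toy-sized primes are assumptions made for the example, which is not secure and is only meant to show who can open which layer.

```python
import hashlib
import random

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; returns 0 when gcd(a, n) > 1."""
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def next_prime_3mod4(n):
    """Smallest prime >= n congruent to 3 mod 4 (trial division; toy sizes only)."""
    while not (n % 4 == 3 and all(n % d for d in range(2, int(n ** 0.5) + 1))):
        n += 1
    return n

def hash_to_zn(label, n):
    """Cocks' public hash: map a label to a in Z_n with Jacobi symbol (a/n) = 1."""
    for counter in range(10 ** 6):
        a = int.from_bytes(hashlib.sha256(f"{label}|{counter}".encode()).digest(), "big") % n
        if jacobi(a, n) == 1:
            return a

class CocksAuthority:
    """Whoever knows p and q can derive the private key r for any label."""
    def __init__(self, p, q):
        self.p, self.q, self.N = p, q, p * q

    def extract(self, label):
        a = hash_to_zn(label, self.N)
        return pow(a, (self.N + 5 - self.p - self.q) // 8, self.N)  # r*r == +a or -a mod N

def encrypt_bits(N, label, bits, rng):
    """Cocks encryption: bit -> (t + a/t, t - a/t) mod N, with Jacobi (t/N) encoding the bit."""
    a, out = hash_to_zn(label, N), []
    for bit in bits:
        target, pair = (-1 if bit else 1), []
        for sign in (1, -1):
            t = rng.randrange(2, N)
            while jacobi(t, N) != target:     # a +-1 result also guarantees gcd(t, N) == 1
                t = rng.randrange(2, N)
            pair.append((t + sign * a * pow(t, -1, N)) % N)
        out.append(tuple(pair))
    return out

def decrypt_bits(N, label, r, pairs):
    """c + 2r = (t + r)^2 / t for the half that r can open, so its Jacobi symbol is (t/N)."""
    idx = 0 if r * r % N == hash_to_zn(label, N) else 1
    return [1 if jacobi(c[idx] + 2 * r, N) == -1 else 0 for c in pairs]

def ints_to_bits(values, width):
    return [(v >> i) & 1 for v in values for i in range(width - 1, -1, -1)]

def bits_to_ints(bits, width):
    return [int("".join(map(str, bits[i:i + width])), 2) for i in range(0, len(bits), width)]

def cbe_label(bob_id, bob_pub, period):
    """Assumed label format: the identity layer binds Bob's name, public key and period."""
    return f"{bob_id}|{bob_pub}|{period}"

def cbe_encrypt(ca_N, bob_id, bob_pub, period, msg, rng):
    """Inner layer: Bob's own modulus. Outer layer: CA modulus plus Bob's identity for this period."""
    inner = encrypt_bits(bob_pub, "self", ints_to_bits(msg, 8), rng)
    inner_bits = ints_to_bits([c for pair in inner for c in pair], bob_pub.bit_length())
    return encrypt_bits(ca_N, cbe_label(bob_id, bob_pub, period), inner_bits, rng)

def cbe_decrypt(ca_N, bob_id, bob_pub, bob_priv, period, cert, ct):
    """Needs both the per-period certificate (outer) and Bob's long-term key (inner)."""
    outer_bits = decrypt_bits(ca_N, cbe_label(bob_id, bob_pub, period), cert, ct)
    flat = bits_to_ints(outer_bits, bob_pub.bit_length())
    inner = list(zip(flat[0::2], flat[1::2]))
    return bytes(bits_to_ints(decrypt_bits(bob_pub, "self", bob_priv, inner), 8))

def demo(seed=1):
    rng = random.Random(seed)
    ca = CocksAuthority(next_prime_3mod4(1_000_003), next_prime_3mod4(1_200_000))
    bob = CocksAuthority(next_prime_3mod4(900_001), next_prime_3mod4(1_100_000))
    bob_pub, bob_priv = bob.N, bob.extract("self")   # Bob's factors and r never leave Bob
    ct = cbe_encrypt(ca.N, "bob", bob_pub, "2024-06-01", b"hi", rng)
    cert_today = ca.extract(cbe_label("bob", bob_pub, "2024-06-01"))
    cert_stale = ca.extract(cbe_label("bob", bob_pub, "2024-05-31"))
    return {
        "valid_cert": cbe_decrypt(ca.N, "bob", bob_pub, bob_priv, "2024-06-01", cert_today, ct),
        "stale_cert": cbe_decrypt(ca.N, "bob", bob_pub, bob_priv, "2024-06-01", cert_stale, ct),
    }
```

With the certificate for the current period, Bob recovers the message; with yesterday's certificate the outer layer yields garbage and the inner layer cannot repair it, which is the revocation mechanism: the CA simply stops issuing certificates for Bob's label. The CA, knowing only the factorisation of its own modulus, can strip the outer layer but is then left with a Cocks ciphertext under Bob's modulus, for which it has no private key, so there is no escrow. Nothing in the certificate is secret, so it can be published or fetched over any channel; what matters is only that the CA issues a fresh one each period.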