CA/Revocation Reasons: Difference between revisions

Jump to navigation Jump to search

CA/Revocation Reasons (view source)

Revision as of 23:50, 12 April 2022

337 bytes added ,  12 April 2022
continued drafting text
(continued drafting text)
(continued drafting text)
Line 72: Line 72:
* TO DO
* TO DO


== OCSP and CRL ==
== OCSP ==
The [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum Baseline Requirements] say they following about CRLReasons in OCSP:
* Section 7.3: ''Effective 2020‐09‐30, the CRLReason indicated MUST contain a value permitted for CRLs, as specified in Section 7.2.2.''
* Section 7.3.2: ''The singleExtensions of an OCSP response MUST NOT contain the reasonCode (OID 2.5.29.21) CRL entry extension.''
 
 
 
TO DO
TO DO
* Address questions about consistency between OCSP and CRL revocation reason codes for a certificate. (Not required by Mozilla)
* Address questions about consistency between OCSP and CRL revocation reason codes for a certificate. (Not required by Mozilla)
* BR section 7.3.2 says: “The singleExtensions of an OCSP response MUST NOT contain the reasonCode (OID 2.5.29.21) CRL entry extension.”
 
 
* Answer question about certificateHold in OCSP responses per RFC 6960?
* Answer question about certificateHold in OCSP responses per RFC 6960?
 
BRs section 7.2.2: '' the CRLReason MUST NOT be certificateHold''


== Banned Revocation Reasons ==
== Banned Revocation Reasons ==
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1241849"

Navigation menu