CA/Revocation Reasons: Difference between revisions

Added further clarifications
(Added section about hierarchy of reasons)
(Added further clarifications)
Line 126: Line 126:


For example, if both privilegeWithdrawn and cessationOfOperation apply, then privilegeWithdrawn should be used.
For example, if both privilegeWithdrawn and cessationOfOperation apply, then privilegeWithdrawn should be used.
Each sub-section within section 6.1.1 of Mozilla's Root Store policy ends with the sentence: "Otherwise, the <reason code> CRLReason MUST NOT be used." That sentence applies to the entire sub-section for each revocation reason code.
Treat the "intended" list within each sub-section as "SHOULD" (e.g. "The CRLReason <reason code> is intended to be used to indicate when:").
For example, if the certificate subscriber still owns the domain name and just turns off their web server without revoking their certificate for cessationOfOperation, the CA operator is not responsible for revoking the certificate unless the CA operator becomes aware of keyCompromise or the subscriber agreement not being followed, or until the CA operator receives verifiable evidence that the certificate subscriber no longer controls, or is no longer authorized to use, all of the domain names in the certificate.


== OCSP ==
== OCSP ==
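Review bot: The added line 'Treat the "intended" list within each sub-section as "SHOULD"' has no subject and does not say how it relates to the "Otherwise, the <reason code> CRLReason MUST NOT be used." sentence described in the line before it. Suggest naming who applies this reading and stating that the closing MUST NOT sentence still bounds each sub-section. The added example after it is one sentence chaining "unless ... or ... or until ...", which makes it hard to tell which conditions are alternatives. Splitting it into a short list of the conditions that oblige the CA operator to revoke would make it easier to apply.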