CA/Revocation Reasons: Difference between revisions

fixing problems with normative text (all-caps MUST) introducing requirements more stringent than MRSP
m (deleted some extra verbiage)
(fixing problems with normative text (all-caps MUST) introducing requirements more stringent than MRSP)
Line 25: Line 25:


== Communication to Subscribers ==
== Communication to Subscribers ==
Section 6.1.1 of Mozilla's Root Store Policy (starting with version 2.8) requires that the Subscriber Agreement or Terms of Use for TLS end-entity certificates inform certificate subscribers about the following revocation reasons. The Subscriber Agreement or Terms of Use MUST contain provisions imposing on the Applicant itself (or made by the Applicant on behalf of its principal or agent under a subcontractor or hosting service relationship) an obligation and warranty to specify the following revocation reasons when they are applicable to the reason that the subscriber is requesting that their certificate be revoked.
Section 6.1.1 of Mozilla's Root Store Policy says:
''The CA operator's subscriber agreement for TLS end entity certificates MUST inform certificate subscribers about the revocation reason options listed above and provide explanation about when to choose each option. Tools that the CA operator provides to the certificate subscriber MUST allow for these options to be easily specified when the certificate subscriber requests revocation of their certificate, with the default value being that no revocation reason is provided (i.e. the default corresponds to the CRLReason “unspecified (0)” which results in no reasonCode extension being provided in the CRL).''


* No reason provided or unspecified (RFC 5280 CRLReason #0)
* No reason provided or unspecified (RFC 5280 CRLReason #0)
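
Review bot: In the replacement paragraph, the quoted phrase "the revocation reason options listed above" has no antecedent on this page, because the list of reasons (starting with "No reason provided or unspecified (RFC 5280 CRLReason #0)") comes after the quote, not before it. A short lead-in after the quote, such as "The options referred to are:", would tie the policy text to the bullets that follow. The rewrite also drops the "(starting with version 2.8)" qualifier that the old sentence carried; keeping it in "Section 6.1.1 of Mozilla's Root Store Policy says:" would tell readers from which policy version the quoted requirement applies. Finally, the quote now brings a second MUST, about the tools the CA operator provides to subscribers, under a heading that reads "Communication to Subscribers"; consider whether that sentence belongs here or in a section about revocation tooling.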