(fixing problems with normative text (all-caps MUST) introducing requirements more stringent than MRSP) |
Line 44: | Line 44: | ||
== Tools for Requesting Revocation == | == Tools for Requesting Revocation == | ||
Tools that the CA provides to the certificate subscriber MUST allow for these options to be easily specified when the certificate subscriber requests revocation of their | Section 6.1.1 of Mozilla's Root Store Policy says: | ||
''Tools that the CA operator provides to the certificate subscriber MUST allow for these options to be easily specified when the certificate subscriber requests revocation of their certificate, with the default value being that no revocation reason is provided (i.e. the default corresponds to the CRLReason “unspecified (0)” which results in no reasonCode extension being provided in the CRL).'' | |||
* No reason provided or unspecified (RFC 5280 CRLReason #0) | * No reason provided or unspecified (RFC 5280 CRLReason #0) | ||
** This | ** This must be the default value in tools provided by the CA. | ||
** Certificate subscribers are not required to provide a revocation reason, unless their private key has been compromised. | ** Certificate subscribers are not required to provide a revocation reason, unless their private key has been compromised. | ||
* keyCompromise (RFC 5280 CRLReason #1) | * keyCompromise (RFC 5280 CRLReason #1) |
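Review bot: The added sub-bullet under "No reason provided or unspecified" says "This must be the default value in tools provided by the CA", while the Section 6.1.1 text quoted just above it says "CA operator"; use "CA operator" in the bullet so the paraphrase matches the quoted policy wording. The bullet could also repeat what the quote makes explicit, that this default results in no reasonCode extension being provided in the CRL, since the bullet heading gives only the CRLReason number.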