CA/Revocation Reasons: Difference between revisions

CA/Revocation Reasons (view source)

5 bytes added , 25 May 2022

m

cleaning up the new section

Confirmed users, Administrators

5,526

edits

@@ Line 98: / Line 98: @@
 #* The CA must revoke all instances of that key across all subscribers
 # The certificate subscriber requesting the revocation has not demonstrated possession of the private key, and the CA does not have evidence of private key compromise.
-#* The CA must not revoke all instances of that key across all subscribers
-#** Unless/until the CA receives evidence of private key compromise
 #* The CA may revoke all certificates associated with that subscriber that contain that public key
 #* The CA may block issuance of future certificates with that key for that subscriber
+#* Unless the CA receives evidence of private key compromise the CA must not revoke all instances of that key across all other subscribers
 # The certificate subscriber previously requested revocation without demonstrating possession of the private key, and later sends another revocation request which does demonstrate possession of the private key.
-#* The CA must revoke all instances of that key across all subscribers
+#* The CA must then revoke all instances of that key across all subscribers
 # The certificate subscriber previously requested revocation without demonstrating possession of the private key, and later the CA receives evidence of private key compromise.
-#* The CA must revoke all instances of that key across all subscribers
+#* The CA must then revoke all instances of that key across all subscribers
 === Possession of Private Key ===