* TO DO
== OCSP and CRL ==The [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum Baseline Requirements] say they following about CRLReasons in OCSP:* Section 7.3: ''Effective 2020‐09‐30, the CRLReason indicated MUST contain a value permitted for CRLs, as specified in Section 7.2.2.''* Section 7.3.2: ''The singleExtensions of an OCSP response MUST NOT contain the reasonCode (OID 2.5.29.21) CRL entry extension.''
TO DO
* Address questions about consistency between OCSP and CRL revocation reason codes for a certificate. (Not required by Mozilla)
* BR section 7.3.2 says: “The singleExtensions of an OCSP response MUST NOT contain the reasonCode (OID 2.5.29.21) CRL entry extension.”
* Answer question about certificateHold in OCSP responses per RFC 6960?
BRs section 7.2.2: '' the CRLReason MUST NOT be certificateHold''
== Banned Revocation Reasons ==