Changes

CA/Revocation Reasons

196 bytes removed, 00:05, 13 April 2022

continued drafting text

== OCSP ==

~~The [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum Baseline Requirements] say they following about~~ Mozilla does not expect there to be CRLReasons in OCSP:* Section 7.3: ''Effective 2020‐09‐30, the CRLReason indicated MUST contain a value permitted responses for ~~CRLs, as specified in Section 7.2.2.''~~* Section 7.3.2: ''The singleExtensions of an OCSP response MUST NOT contain the reasonCode (OID 2.5.29.21) CRL entry extensionTLS end-entity certificates.''

Section 7.3.2 of the BRs says: ''The singleExtensions of an OCSP response MUST NOT contain the reasonCode (OID 2.5.29.21) CRL entry extension.''

== certificateHold ==~~TO DO~~* Address questions about consistency between OCSP and CRL revocation reason codes for a certificate. (Not required by Mozilla) The BRs say the following:* ~~Answer question about certificateHold in OCSP responses per RFC 6960?BRs section~~ Section 7.2.2says: '' the CRLReason MUST NOT be certificateHold''* Section 7.3 (OCSP Profile) says: ''the CRLReason indicated MUST contain a value permitted for CRLs, as specified in Section 7.2.2.''

== Banned Revocation Reasons ==

Kathleen Wilson

Confirm, administrator

5,526

edits

Changes

CA/Revocation Reasons

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

How to Contribute

MozillaWiki

Around Mozilla

Tools