Changes

Jump to: navigation, search

CA/Revocation Reasons

283 bytes added, 18:33, 13 April 2022
Incorporating feedback
* There were no policies specifying the information that CAs should provide to their certificate subscribers about revocation reasons
The following CRLRevocation Reasons TLS Certificates may be specified in the CRL reasonCode extension revoked ONLY for end-entity TLS certificates. They MUST be specified under one of the conditions detailed in section 6.1.1 of Mozilla's Root Store Policy following reasons:* unspecified (starting with version 2.8RFC 5280 CRLReason #0).
* keyCompromise (RFC 5280 CRLReason #1)
* affiliationChanged (RFC 5280 CRLReason #3)
* superseded (RFC 5280 CRLReason #4)
* cessationOfOperation (RFC 5280 CRLReason #5)
* privilegeWithdrawn (RFC 5280 CRLReason #9)
 The CRL reasonCode extension must be used when any of the following reasons are used:* cessationOfOperation keyCompromise (RFC 5280 CRLReason #51)
* affiliationChanged (RFC 5280 CRLReason #3)
* superseded (RFC 5280 CRLReason #4)
* cessationOfOperation (RFC 5280 CRLReason #5)
* privilegeWithdrawn (RFC 5280 CRLReason #9)
 
If the reason for revocation is unspecified (RFC 5280 CRLReason #0), the CRL reasonCode for that entry must be omitted.
== Communication to Subscribers ==
Kathleen Wilson
Confirm, administrator
5,526
edits
Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1241870"

Navigation menu