Changes

CA/Revocation Reasons

256 bytes added, 19:37, 19 May 2022
fixing problems with normative text (all-caps MUST) introducing requirements more stringent than MRSP
== Tools for Requesting Revocation ==
Section 6.1.1 of Mozilla's Root Store Policy says: ''Tools that the CA operator provides to the certificate subscriber MUST allow for these options to be easily specified when the certificate subscriber requests revocation of their TLS end-entity certificate, with the default value being that no revocation reason is provided (i.e. the default corresponds to the CRLReason “unspecified (0)” which results in no reasonCode extension being provided in the CRL).'' 
* No reason provided or unspecified (RFC 5280 CRLReason #0)
** This MUST must be the default value in tools provided by the CA.
** Certificate subscribers are not required to provide a revocation reason, unless their private key has been compromised.
* keyCompromise (RFC 5280 CRLReason #1)
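Review bot: in the default-value sub-bullet under "No reason provided or unspecified", the lowercase "must" still reads as a requirement to many readers, while the Section 6.1.1 quote directly above already covers the default inside its own all-caps MUST sentence. Consider rewording the bullet so it points back to that quote, for example "Per Section 6.1.1 quoted above, this is the default value in tools provided by the CA", so it is clear the wiki is paraphrasing the policy rather than stating a separate requirement. The following sub-bullet about subscribers whose private key has been compromised could also name the reason they are expected to choose, since keyCompromise is only introduced in the next top-level bullet.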