== Banned Revocation Reasons ==
The CRL Section 6.1.1 of Mozilla's Root Store Policy says: ''If the certificate is revoked for a reason not listed ..., then the reasonCode extension MUST NOT be provided in the CRL.'' Therefore, the CRL reasonCode extension must not contain any of the following reasons for TLS end-entity certificates. If revocation is for one of the following, then the reasonCode extension MUST NOT must not be provided for that entry in the CRL.
* unspecified (RFC 5280 CRLReason #0)
** Section 5.3.1 of RFC 5280 says: ''the reason code CRL entry extension SHOULD be absent instead of using the unspecified (0) reasonCode value''