Changes

CA/Revocation Reasons

189 bytes added, 19:42, 19 May 2022

m

fixing problems with normative text (all-caps MUST) introducing requirements more stringent than MRSP

== Banned Revocation Reasons ==

~~The CRL~~ Section 6.1.1 of Mozilla's Root Store Policy says: ''If the certificate is revoked for a reason not listed ..., then the reasonCode extension MUST NOT be provided in the CRL.'' Therefore, the CRL reasonCode extension must not contain any of the following reasons for TLS end-entity certificates. If revocation is for one of the following, then the reasonCode extension ~~MUST NOT~~ must not be provided for that entry in the CRL.

* unspecified (RFC 5280 CRLReason #0)

** Section 5.3.1 of RFC 5280 says: ''the reason code CRL entry extension SHOULD be absent instead of using the unspecified (0) reasonCode value''

Kathleen Wilson

Confirm, administrator

5,526

edits

Changes

CA/Revocation Reasons

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

How to Contribute

MozillaWiki

Around Mozilla

Tools