Confirmed users, Administrators
5,526
edits
CA/Revocation Reasons: Difference between revisions
Jump to navigation
Jump to search
m
Added further clarifications
m (Added further clarifications) |
m (Added further clarifications) |
||
| Line 100: | Line 100: | ||
#* The CA may revoke all certificates associated with that subscriber that contain that public key | #* The CA may revoke all certificates associated with that subscriber that contain that public key | ||
#* The CA may block issuance of future certificates with that key for that subscriber | #* The CA may block issuance of future certificates with that key for that subscriber | ||
#* Unless the CA receives evidence of private key compromise the CA must not revoke all instances of that key across all other subscribers | #* Unless the CA receives verifiable evidence of private key compromise the CA must not revoke all instances of that key across all other subscribers | ||
# The certificate subscriber previously requested revocation without demonstrating possession of the private key, and later sends another revocation request which does demonstrate possession of the private key. | # The certificate subscriber previously requested revocation without demonstrating possession of the private key, and later sends another revocation request which does demonstrate possession of the private key. | ||
#* After receiving the revocation request with demonstrated possession of the private key, the CA must revoke all instances of that key across all subscribers | #* After receiving the revocation request with demonstrated possession of the private key, the CA must revoke all instances of that key across all subscribers | ||