Confirm, administrator
5,526
edits
Changes
m
added note about incorporation by reference
Section 6.1.1 of Mozilla's Root Store Policy says:
''The CA operator's subscriber agreement for TLS end entity certificates MUST inform certificate subscribers about the revocation reason options listed above and provide explanation about when to choose each option. Tools that the CA operator provides to the certificate subscriber MUST allow for these options to be easily specified when the certificate subscriber requests revocation of their certificate, with the default value being that no revocation reason is provided (i.e. the default corresponds to the CRLReason “unspecified (0)” which results in no reasonCode extension being provided in the CRL).''
Note: Mozilla has agreed that CAs may meet this requirement using incorporation by reference. For example: "Subscriber is hereby informed, and acknowledges understanding, of the reasons for revoking a Certificate, including those stated in section [x] of the CPS, which is incorporated herein by reference and made a part of this Agreement."
Revocation Reason Options:
* No reason provided or unspecified (RFC 5280 CRLReason #0)
