[Servercert-wg] Revocation Reason Codes for CA Revocations

Ben Wilson bwilson at mozilla.com
Tue Jun 4 13:32:07 UTC 2024


All,

I've opened up this issue in GitHub -
https://github.com/cabforum/servercert/issues/520.
I recall that if a CA is revoked, then the reason code must be present (or
provided via OCSP) and must contain one of:

keyCompromise (1)
cACompromise (2)
affiliationChanged (3)
superseded (4)
cessationOfOperation (5)

Is my recollection correct?

Thanks,

Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240604/c58604e9/attachment.html>


More information about the Servercert-wg mailing list