Kathleen -
I'm sorry if I missed an earlier explanation about why this is important, but 
could you explain why the emphasis on different reason codes for revocation and 
the requirement to not include a reason code if the revocation doesn't fall 
into one of the stated reasons?

Are you trying to get CAs to eventually use CRLs segmented by the different 
reason codes? Do you expect RP applications to treat certificate validation 
differently based on the reason code? Do you expect RP applications to 
potentially make the reason code available to the end user so they can choose to 
continue trusting a revoked certificate if they don't care about the reason? 
Is it just for trust store programs to gather statistics about why certificates 
get revoked?

I would expect the RP application to treat all revoked certificates the same 
regardless of the reason for the revocation, so I don't fully understand why 
this new policy is being developed.

Thanks,
   wendy

