It seems reasonable to allow for affiliationChanged (3) as Dimitris explained, so I have added the following description which is highlighted in blue in the document <https://docs.google.com/document/d/1ESakR4MiwyENyuLefyH2wG8rYbtnmG1xeSYvDNpS-EI/edit?usp=sharing>. I will appreciate feedback on this. ==
affiliationChanged (3) The CRLReason affiliationChanged (3) MUST be used when the certificate subscriber has requested that their certificate be revoked for this reason, or the CA has replaced the certificate due to changes in the certificate’s public-key and the CA has not replaced the certificate for the other reasons: keyCompromise (1), superseded (4), cessationOfOperation (5), and privilegeWithdrawn (9). Otherwise this CRLReason MUST NOT be used. The CRLReason affiliationChanged (3) is intended to be used to indicate that the subject's name or other information in the public-key certificate has been modified but there is no cause to suspect that the private key has been compromised. == Thanks, Kathleen -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/d64642fe-12f7-4cde-b6d9-2e6e2b821db2n%40mozilla.org.
