OK, how about the following text? == The scope of revocation depends on whether the certificate subscriber has proven possession of the private key of the certificate. - If the certificate subscriber requests that the CA revoke the certificate for keyCompromise, and has not previously demonstrated and cannot currently demonstrate possession of the associated private key of that certificate, the CA SHOULD limit revocation to only certificates that are associated with that subscriber and which contain that public key. - If anyone requesting revocation has previously demonstrated or can currently demonstrate possession of the private key of the certificate, then the CA MUST revoke all instances of that key across all subscribers. ==
Thanks for your patience on this -- it's a tricky one for me. Kathleen -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/760a0d50-3c9d-4452-bc74-808107f16176n%40mozilla.org.
