Apologies if I send this twice, I tried posting it via gmane and I think it failed.
I understand the BRs require revocation in some circumstances, but are there any limits on when an issuer can revoke? Can they revoke for any reason whatsoever? Is the reason code required to be honest? I was recently surprised by an issuer demanding maintenance fees to *not* revoke a certificate. The certificate was not compromised and not expiring. Is this permitted by the BRs? It feels like misusing a mechanism that was intended to protect the PKI, not extract profit. I was being lazy and not migrating a very old system to ACME. I've migrated it now, because that felt really gross. I don't know what reason code they use for the revocation, I guess I'm curious if they will lie. Tavis. -- _o) $ lynx lock.cmpxchg8b.com /\\ _o) _o) $ finger [email protected] _\_V _( ) _( ) @taviso -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20220809175618.GA9423%40thinkstation.cmpxchg8b.net.
