The only restriction on reason codes for revocations that I am aware of is Mozilla's recent addition to their root program rules: https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#611-end-entity-tls-certificate-crlrevocation-reasons
The corresponding wiki page definitely appears to imply that reason codes were generally not restricted, https://wiki.mozilla.org/CA/Revocation_Reasons (but I am far from an expert in such policy matters).

On Tue, Aug 9, 2022 at 2:52 PM Tavis Ormandy <[email protected]> wrote:

> Apologies if I send this twice, I tried posting it via gmane and I think it failed.
>
> I understand the BRs require revocation in some circumstances, but are there any limits on when an issuer can revoke? Can they revoke for any reason whatsoever? Is the reason code required to be honest?
>
> I was recently surprised by an issuer demanding maintenance fees to *not* revoke a certificate. The certificate was not compromised and not expiring. Is this permitted by the BRs? It feels like misusing a mechanism that was intended to protect the PKI, not extract profit.
>
> I was being lazy and not migrating a very old system to ACME. I've migrated it now, because that felt really gross. I don't know what reason code they use for the revocation, I guess I'm curious if they will lie.
>
> Tavis.
>
> --
> _o) $ lynx lock.cmpxchg8b.com
> /\\ _o) _o) $ finger [email protected]
> _\_V _( ) _( ) @taviso

--
You received this message because you are subscribed to the Google Groups "[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAKh5S0a1RxXsYuU74EXN8VPXxzgSV__rGwFVA%3DuUMB%3DxXLFimg%40mail.gmail.com.
