All, I've opened up this issue in GitHub - https://github.com/cabforum/servercert/issues/520. I recall that if a CA is revoked, then the reason code must be present (or provided via OCSP) and must contain one of:
keyCompromise (1) cACompromise (2) affiliationChanged (3) superseded (4) cessationOfOperation (5) Is my recollection correct? Thanks, Ben
_______________________________________________ Servercert-wg mailing list Servercert-wg@cabforum.org https://lists.cabforum.org/mailman/listinfo/servercert-wg
