The CA/Browser Forum has approved Ballot SC61, which gives direction as to which certificate revocation list (CRL) revocation reason code should be used when a TLS certificate is revoked.
What is the problem? RFC 5280 provides a list of revocation reason codes, but it is left to each Certification Authority (CA) to determine which code it will use. The result is inconsistency in the reason codes provided in different CRLs.
So why does inconsistency matter? Revocation is revocation, right? If the CAs use consistent revocation reasons, then the browsers may be able to use the revocation reason to present different results to their users. For instance, a certificate revoked due to key compromise may indicate that an attacker is using the private key, so the certificate should not be trusted. On the other hand, a certificate revoked because it was renewed would mean the original certificate did not have any trust issues. The result may be that browsers would support hard revocation for some revocation reasons and not for others.
So what is hard revocation? This would mean the certificate should not be trusted, so the website would not be presented to the browser user.
Here is the list of revocation reasons from RFC 5280, with a description of when each reason can be used.
- unspecified (0) – used when no specific reason is provided, when a CA's right to issue has expired, or for a reason specified in the CA's CP or CPS that is not specified in the TLS Baseline Requirements (TLS BRs)
- keyCompromise (1) – the private key corresponding to the certificate has been compromised, the private key is weak and can be easily computed, or the method to generate the private key was flawed
- cACompromise (2) – this reason is not applicable to TLS certificates; however, a CA can use this reason if an associated CA is compromised
- affiliationChanged (3) – no use designated in the TLS BRs
- superseded (4) – the validation of the domain name or IP address is not reliable, the key size or public key parameters are not applicable, or the certificate was not issued in compliance with the TLS BRs or the CP/CPS
- cessationOfOperation (5) – the website associated with the certificate is no longer in operation
- certificateHold (6) – not allowed to be used by the TLS BRs
- removeFromCRL (8) – not applicable
- privilegeWithdrawn (9) – certificate request was not authorized, certificate was misused, subscriber violated the subscriber agreement, wildcard certificate supports a fraudulent domain name, there is a material change in the information in the certificate, or the information in the certificate is inaccurate
- aACompromise (10) – not applicable
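To make the list and the hard/soft distinction above concrete, here is an added Python example (not code from the CA/Browser Forum, Ballot SC61 or any CA) that decodes the CRLReason entry extension from a DER-encoded CRL entry and maps each RFC 5280 code to a relying-party treatment. The split into hard revocation, soft revocation and reasons not permitted or applicable for TLS is an assumption constructed for illustration, not any browser's actual behaviour, and the sample entries and serial numbers are constructed as well.

```python
"""Parse the CRLReason entry extension from a DER-encoded CRL entry and map
it to the treatment a relying party might apply.  Added example with
constructed sample data; not code from the CA/Browser Forum or any CA."""

# CRLReason ENUMERATED values from RFC 5280 section 5.3.1 (value 7 is unused).
REASON_NAMES = {
    0: "unspecified", 1: "keyCompromise", 2: "cACompromise",
    3: "affiliationChanged", 4: "superseded", 5: "cessationOfOperation",
    6: "certificateHold", 8: "removeFromCRL", 9: "privilegeWithdrawn",
    10: "aACompromise",
}

# Illustrative relying-party policy, an assumption for this example rather than
# a rule from Ballot SC61 or any browser: key or CA compromise means the key
# may be in an attacker's hands, so the certificate gets hard revocation.
HARD_REVOCATION = {1, 2}
# Reasons the TLS BRs forbid for TLS certificates (certificateHold) or that do
# not apply to them at all; surface these rather than silently accepting them.
NOT_FOR_TLS = {6, 8, 10}

OID_CRL_REASON = "2.5.29.21"   # id-ce-cRLReasons

def _read_tlv(buf, pos):
    """Read one DER TLV at buf[pos]; return (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    """Decode OID content octets to dotted notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def parse_crl_entry(entry_der):
    """Return (serial, reason_code or None) for one revokedCertificates entry:
    SEQUENCE { userCertificate INTEGER, revocationDate Time,
               crlEntryExtensions Extensions OPTIONAL }."""
    tag, body, _ = _read_tlv(entry_der, 0)
    if tag != 0x30:
        raise ValueError("CRL entry must be a SEQUENCE")
    _, serial_raw, pos = _read_tlv(body, 0)
    serial = int.from_bytes(serial_raw, "big", signed=True)
    _, _, pos = _read_tlv(body, pos)                   # revocationDate, skipped
    reason = None
    if pos < len(body):                                # extensions present
        _, exts, _ = _read_tlv(body, pos)
        epos = 0
        while epos < len(exts):
            _, ext, epos = _read_tlv(exts, epos)
            _, oid_raw, p = _read_tlv(ext, 0)          # extnID
            tag, value, p = _read_tlv(ext, p)
            if tag == 0x01:                            # optional critical BOOLEAN
                _, value, p = _read_tlv(ext, p)        # extnValue OCTET STRING
            if _decode_oid(oid_raw) == OID_CRL_REASON:
                etag, enum_raw, _ = _read_tlv(value, 0)
                if etag != 0x0A:
                    raise ValueError("CRLReason must be ENUMERATED")
                reason = int.from_bytes(enum_raw, "big")
    return serial, reason

def classify(reason):
    """Map a reason code (None when the extension is absent) to (name, treatment)."""
    if reason is None:
        reason = 0                                     # absent is treated as unspecified
    name = REASON_NAMES.get(reason, f"unknown({reason})")
    if reason in HARD_REVOCATION:
        return name, "hard"
    if reason in NOT_FOR_TLS:
        return name, "not-for-tls"
    return name, "soft"

def _tlv(tag, content):
    """Encode one DER TLV (short- or long-form length)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def make_crl_entry(serial, reason=None):
    """Build a constructed revokedCertificates entry for the sample data."""
    serial_bytes = serial.to_bytes((serial.bit_length() + 8) // 8, "big")  # positive INTEGER
    entry = _tlv(0x02, serial_bytes) + _tlv(0x17, b"230715000000Z")        # UTCTime
    if reason is not None:
        ext = _tlv(0x06, bytes([0x55, 0x1D, 0x15])) + _tlv(0x04, _tlv(0x0A, bytes([reason])))
        entry += _tlv(0x30, _tlv(0x30, ext))
    return _tlv(0x30, entry)

# Constructed sample entries; the serial numbers are invented, not a real CA's.
SAMPLE_ENTRIES = {
    "key-compromised": make_crl_entry(0x1001, 1),
    "renewed": make_crl_entry(0x1002, 4),
    "on-hold": make_crl_entry(0x1003, 6),
    "no-reason": make_crl_entry(0x1004),
}

def triage(entries):
    """Classify every sample entry; returns {label: (reason name, treatment)}."""
    return {label: classify(parse_crl_entry(der)[1]) for label, der in entries.items()}

if __name__ == "__main__":
    for label, verdict in triage(SAMPLE_ENTRIES).items():
        print(f"{label:16s} -> {verdict}")
```

The parser deliberately rejects a non-ENUMERATED CRLReason and flags certificateHold rather than treating it as a soft revocation, since the TLS BRs do not allow that reason on a TLS certificate; a production client would check the CRL signature and the issuer before looking at any entry, which this example leaves out.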
Ballot SC61 is effective 15 July 2023, so the CAs will be updating their policies and procedures before this date.
Since many CAs also issue other certificates such as Code Signing and S/MIME, we can expect similar revocation reason practices to be used for all certificate types.