Open sgoendoer opened 8 years ago
These are all valid reasons, but for implementation purposes do we need them all? If necessary, I would say we can simplify by considering that:
A general "unspecified" could be useful for future, unforeseen cases.
I can't come up with a case that is not already covered by @sgoendoer's list.
Well, I made this list not as a proposal to use ALL of them, just to have a list of all (?) possible reasons why someone would want to revoke a key. Hence, as Ricardo already pointed out, a much smaller subset of reasons might suffice. "Key outdated": No, I guess, this reason in the certificate would be just an "explanation" why your key is not in use anymore. As already noted, after a certificate has expired, no one is forced to (manually) revoke the key additionally.
Reasons a user might want to revoke the keypair used to create the GUID
RFC 3280 defined two main states of a revocation: HOLD (temporary) and REVOKED (indefinitely). RFC 5280 defines the following reasons for a key revocation:
I don't think we would need all of those. Here is an (incomplete?) list of reasons in the rethink-context. Please feel free to extend and/or discuss the list items:
severe reasons
other reasons