nRevoking
a CA cert is more problematic than revoking an end-entity cert
nWhen
you revoke a CA cert, you potentially take out the entire subordinate structure,
depending on what chaining logic you use
nHow
do you revoke a self-signed cert?
n“The
cert revokes itself.”
nHuh?
nDo
I accept the CRL as valid & bounce the cert?
nDo
I reject the CRL because the cert associated with the CRL signing key was
revoked?