* Expects CAs to follow the [https://cabforum.org/baseline-requirements-documents/ BRs]
* Does not expect [https://www.mozilla.org/projects/security/certs/policy/ Mozilla Root Store Policy] section 6.1.1, "End-Entity TLS Certificate CRLRevocation Reasons", to also apply to OCSP responses
* Does not expect consistency between OCSP responses and CRL CRLs to contain the same revocation reason codes code for a each certificate
* Does not do anything special for an OCSP response indicating certificateHold