RFC 7525: Recommendations for Secure Use of TLS and DTLS
rfc-editor.orgSame link but with section hrefs: http://www.rfcreader.com/#rfc7525
Ummm, BluCoat/WebSense blocked the rfcreader.com.
No reason given.
Try this one: https://tools.ietf.org/html/rfc7525
It's really a shame that there's still no good way to revoke a certificate [0].
Mozilla has been discussing it for years [1] but an implementation or even a chosen direction is far from reality.