I feel like the following logical proposition implies that only the keyCompromise reason should be used any time one is revoking using the certificate private key, which seems inverted and/or overly limiting.
That seems to imply:
If/when revoking using the certificate private key, only request the "keyCompromise" revocation reason.
While I first admit that revocation reasons are not my strong suit in ACME, are there other reasons for requesting revocation using the certificate private key, such as decommissioning?
Should the quoted block be worded:
only requests revocation using the certificate private key (or ACME account key) when the “keyCompromise” revocation reason is used.
That seems to imply:
If/when the "keyCompromise" revocation reason is used, only revoke using the certificate private key (or the ACME account key).