[Cscwg-public] Requirement for OCSP in Timestamping Certificates
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Mon Feb 1 09:31:56 UTC 2021
According to the requirements, and section 13.2.1:
"CAs MUST provide OCSP responses for Code Signing Certificates and
Timestamp Certificates for the time period specified in their CPS, which
MUST be at least 10 years after the expiration of the certificate"
However, according to Certificate Consumer policies, either CRL or OCSP
is required to be used.
I would like to ask for Members to consider requiring either CRL or OCSP
information to be required in end-entity certificates used for
Time-stamping. The rationale is that Time-stamping Certificates are very
few compared to other end-entity certificates and CRLs should be
considered sufficient because their size is not significant.
Please let me know your thoughts, concerns or objections.
Thank you,
Dimitris.
More information about the Cscwg-public
mailing list