[Cscwg-public] Suspension of code signing certs

[Adriano Santoni]

All,

this is probably an old matter, but I could not solve my doubts browsing 
the past posts.

I suppose, but I am not certain, that - as for SSL Server certificates - 
Code Signing certificates must not be suspended (that is, there must not 
be a CRLReason "certificateHold" in a CRL entry). But maybe I am wrong, 
as I cannot find the relevant language in the Code Signing BR. Anybody, 
please point me at the right spot in the document.

TIA

Adriano


Il 01/02/2021 10:32, Dimitris Zacharopoulos (HARICA) via Cscwg-public ha 
scritto:
>
> According to the requirements, and section 13.2.1:
>
> "CAs MUST provide OCSP responses for Code Signing Certificates and 
> Timestamp Certificates for the time period specified in their CPS, 
> which MUST be at least 10 years after the expiration of the certificate"
>
> However, according to Certificate Consumer policies, either CRL or 
> OCSP is required to be used.
>
> I would like to ask for Members to consider requiring either CRL or 
> OCSP information to be required in end-entity certificates used for 
> Time-stamping. The rationale is that Time-stamping Certificates are 
> very few compared to other end-entity certificates and CRLs should be 
> considered sufficient because their size is not significant.
>
> Please let me know your thoughts, concerns or objections.
>
>
> Thank you,
> Dimitris.
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210202/22882bc2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4557 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210202/22882bc2/attachment.p7s>