[Smcwg-public] [EXTERNAL] Microsoft requirements for OCSP URLs in S/MIME certificates

Paul van Brouwershaven Paul.vanBrouwershaven at entrust.com
Sun Oct 9 18:14:01 UTC 2022 

Hi Karina,

> OCSP is not optional for TLS at this time. Thus, we will be changing our policy to : “All non-TLS end-entity certificates must contain an AIA extension with a valid OCSP URL”. We will continue to investigate OCSP for TLS.

Do you mean: “All TLS end-entity certificates must contain an AIA extension with a valid OCSP URL”

Paul



________________________________
From: Smcwg-public <smcwg-public-bounces at cabforum.org> on behalf of Karina Sirota Goodley via Smcwg-public <smcwg-public at cabforum.org>
Sent: Sunday, October 9, 2022 8:08:42 PM
To: smcwg-public at cabforum.org <smcwg-public at cabforum.org>
Cc: Karina Sirota Goodley <Karina.Sirota at microsoft.com>
Subject: [EXTERNAL] [Smcwg-public] Microsoft requirements for OCSP URLs in S/MIME certificates

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
________________________________

Hi all,



In regards to the question of Microsoft requirements for OCSP URLs in S/MIME certificates, I had to do quite a bit of digging around the various teams across Microsoft. However, I can confirm that OCSP can be optional for any non-TLS certificate types. This includes S/MIME.



OCSP is not optional for TLS at this time. Thus, we will be changing our policy to : “All non-TLS end-entity certificates must contain an AIA extension with a valid OCSP URL”. We will continue to investigate OCSP for TLS.



Best,

Karina Sirota Goodley





Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20221009/ef54b121/attachment.html>

More information about the Smcwg-public mailing list