[Smcwg-public] [EXTERNAL] Microsoft requirements for OCSP URLs in S/MIME certificates

Karina Sirota Goodley Karina.Sirota at microsoft.com
Sun Oct 9 22:30:37 UTC 2022


Yes, the correction is correct.

Best,
Karina

Karina Sirota Goodley | Security Program Manager 2
Trusted Root Program, Trust Governance and Resilience

After-hours responses neither required nor expected.




From: Paul van Brouwershaven <Paul.vanBrouwershaven at entrust.com>
Sent: Sunday, October 9, 2022 1:14 PM
To: Karina Sirota Goodley <Karina.Sirota at microsoft.com>; SMIME Certificate Working Group <smcwg-public at cabforum.org>
Cc: Karina Sirota Goodley <Karina.Sirota at microsoft.com>
Subject: Re: [EXTERNAL] [Smcwg-public] Microsoft requirements for OCSP URLs in S/MIME certificates

Hi Karina,

> OCSP is not optional for TLS at this time. Thus, we will be changing our policy to: "All non-TLS end-entity certificates must contain an AIA extension with a valid OCSP URL". We will continue to investigate OCSP for TLS.

Do you mean: "All TLS end-entity certificates must contain an AIA extension with a valid OCSP URL"?

Paul



________________________________
From: Smcwg-public <smcwg-public-bounces at cabforum.org> on behalf of Karina Sirota Goodley via Smcwg-public <smcwg-public at cabforum.org>
Sent: Sunday, October 9, 2022 8:08:42 PM
To: smcwg-public at cabforum.org <smcwg-public at cabforum.org>
Cc: Karina Sirota Goodley <Karina.Sirota at microsoft.com>
Subject: [EXTERNAL] [Smcwg-public] Microsoft requirements for OCSP URLs in S/MIME certificates


Hi all,



In regards to the question of Microsoft requirements for OCSP URLs in S/MIME certificates, I had to do quite a bit of digging around the various teams across Microsoft. However, I can confirm that OCSP can be optional for any non-TLS certificate types. This includes S/MIME.



OCSP is not optional for TLS at this time. Thus, we will be changing our policy to: "All non-TLS end-entity certificates must contain an AIA extension with a valid OCSP URL". We will continue to investigate OCSP for TLS.



Best,

Karina Sirota Goodley



