[Smcwg-public] [EXTERNAL] Microsoft requirements for OCSP URLs in S/MIME certificates
Stephen Davidson
Stephen.Davidson at digicert.com
Mon Oct 10 13:08:07 UTC 2022
Thank you for the clarification Karina.
I will draft corresponding amendments to the S/MIME BR for discussion on the SMCWG call this Wednesday.
With kind regards, Stephen
From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Karina Sirota Goodley via Smcwg-public
Sent: Sunday, October 9, 2022 7:31 PM
To: Paul van Brouwershaven <Paul.vanBrouwershaven at entrust.com>; SMIME Certificate Working Group <smcwg-public at cabforum.org>
Subject: Re: [Smcwg-public] [EXTERNAL] Microsoft requirements for OCSP URLs in S/MIME certificates
Yes, the correction is correct.
Best,
Karina
Karina Sirota Goodley | Security Program Manager 2
Trusted Root Program, Trust Governance and Resilience
After-hours responses neither required nor expected.
From: Paul van Brouwershaven <Paul.vanBrouwershaven at entrust.com>
Sent: Sunday, October 9, 2022 1:14 PM
To: Karina Sirota Goodley <Karina.Sirota at microsoft.com>; SMIME Certificate Working Group <smcwg-public at cabforum.org>
Cc: Karina Sirota Goodley <Karina.Sirota at microsoft.com>
Subject: Re: [EXTERNAL] [Smcwg-public] Microsoft requirements for OCSP URLs in S/MIME certificates
Hi Karina,
> OCSP is not optional for TLS at this time. Thus, we will be changing our policy to: "All non-TLS end-entity certificates must contain an AIA extension with a valid OCSP URL". We will continue to investigate OCSP for TLS.
Do you mean: "All TLS end-entity certificates must contain an AIA extension with a valid OCSP URL"?
Paul
_____
From: Smcwg-public <smcwg-public-bounces at cabforum.org> on behalf of Karina Sirota Goodley via Smcwg-public <smcwg-public at cabforum.org>
Sent: Sunday, October 9, 2022 8:08:42 PM
To: smcwg-public at cabforum.org <smcwg-public at cabforum.org>
Cc: Karina Sirota Goodley <Karina.Sirota at microsoft.com>
Subject: [EXTERNAL] [Smcwg-public] Microsoft requirements for OCSP URLs in S/MIME certificates
Hi all,
With regard to the question of Microsoft requirements for OCSP URLs in S/MIME certificates, I had to do quite a bit of digging around the various teams across Microsoft. However, I can confirm that OCSP can be optional for any non-TLS certificate types. This includes S/MIME.
OCSP is not optional for TLS at this time. Thus, we will be changing our policy to: "All non-TLS end-entity certificates must contain an AIA extension with a valid OCSP URL". We will continue to investigate OCSP for TLS.
Best,
Karina Sirota Goodley