[Smcwg-public] OCSP URLs in S/MIME Certificates
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Fri Sep 23 17:52:21 UTC 2022
I dug up some emails HARICA exchanged with Microsoft Root Program
Managers back in June 2021. We indicated that the Root Store Policy
at-that-time had a "catch-all" phrase implying that OCSP URLs must be
included in all Certificates trusted by Microsoft.
After it was pointed out by a Microsoft representative that it is not
required for Code Signing Certificates, we reached out to Microsoft
asking what is the case for other types of certificates. Their response was:
"Removing the OCSP URLs from non-TLS certificates is acceptable."
I know this is not a "normative statement" but for me it confirms that
OCSP is not required for S/MIME Certificates in the Microsoft Root
Program. So, unless there is an opposing statement by Microsoft, I hope
we can agree to change the OCSP requirement from mandatory to optional
in the first version of the SMBRs.
Thank you,
Dimitris.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220923/8aa867b7/attachment.html>
More information about the Smcwg-public
mailing list