[Smcwg-public] OCSP URLs in S/MIME Certificates

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Fri Sep 23 17:52:21 UTC 2022


I dug up some emails HARICA exchanged with Microsoft Root Program 
Managers back in June 2021. We indicated that the Root Store Policy 
at-that-time had a "catch-all" phrase implying that OCSP URLs must be 
included in all Certificates trusted by Microsoft.

After it was pointed out by a Microsoft representative that it is not 
required for Code Signing Certificates, we reached out to Microsoft 
asking what is the case for other types of certificates. Their response was:

"Removing the OCSP URLs from non-TLS certificates is acceptable."

I know this is not a "normative statement" but for me it confirms that 
OCSP is not required for S/MIME Certificates in the Microsoft Root 
Program. So, unless there is an opposing statement by Microsoft, I hope 
we can agree to change the OCSP requirement from mandatory to optional 
in the first version of the SMBRs.

Thank you,
Dimitris.