Update finding metadata CSV

digicert · Nov 18, 2024 · 2375e01 · 2375e01
1 parent 25ab4cc
commit 2375e01
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/pkilint/cabf/serverauth/finding_metadata.csv b/pkilint/cabf/serverauth/finding_metadata.csv
@@ -140,6 +140,7 @@ ERROR,cabf.serverauth.prohibited_duplicate_attribute_type,Validates that only sp
 ERROR,cabf.serverauth.prohibited_san_type,Validates that the types of GeneralNames included in the SAN extension conform to BR 7.1.2.7.12.
 ERROR,cabf.serverauth.prohibited_signature_algorithm_encoding,Validates that the signature algorithm conforms with BR 7.1.3.2.
 ERROR,cabf.serverauth.prohibited_subject_public_key_algorithm_encoding,Validates that subject public key algorithm conforms with BR 7.1.3.1.
+ERROR,cabf.serverauth.subscriber.revocation_information_absent,"Validates that long-lived Subscriber Certificates contains either an OCSP pointer or CRLDP extension per BR 7.1.2.11.2."
 ERROR,cabf.serverauth.rdn_contains_multiple_atvs,"Validates that each RelativeDistguishedName contains exactly one AttributeTypeAndValue, as per BR 7.1.4.2."
 ERROR,cabf.serverauth.root.basic_constraints_extension_absent,Validates that the included extensions conform to BR 7.1.2.1.2.: A required element is absent
 ERROR,cabf.serverauth.root.extended_key_usage_extension_present,Validates that the included extensions conform to BR 7.1.2.1.2.: A prohibited element is present
@@ -185,6 +186,7 @@ ERROR,cabf.serverauth.subscriber_multiple_reserved_policy_oids,Validates that th
 ERROR,cabf.serverauth.subscriber_prohibited_ku_present,Validates that the content of the key usage extension conforms with BR 7.1.2.7.11.
 ERROR,cabf.serverauth.subscriber_required_ku_missing,Validates that the content of the key usage extension conforms with BR 7.1.2.7.11.
 ERROR,cabf.serverauth.subscriber_stateprovince_and_locality_missing,"Validates that the stateOrProvinceName and/or localityName subject attributes are present, as per EVG 9.2.6, BR 7.1.2.7.3, and BR 7.1.2.7.4."
+ERROR,msft.end_entity.revocation_information_absent,"Validates that the end-entity certificate contains either an OCSP or CRL HTTP URI per section 3.A.5 of Microsoft Root Program Requirements."
 ERROR,pkix.aki_with_cert_issuer_but_serial_number_absent,"RFC 5280 4.2.1.1: ""The identification MAY be based on either the key identifier (the subject key identifier in the issuer's certificate) or the issuer name and serial number"""
 ERROR,pkix.aki_with_serial_number_but_cert_issuer_absent,"RFC 5280 4.2.1.1: ""The identification MAY be based on either the key identifier (the subject key identifier in the issuer's certificate) or the issuer name and serial number"""
 ERROR,pkix.authority_information_access_extension_critical,"RFC 5280 4.2.2.1: ""Conforming CAs MUST mark this extension as non-critical."""