Hi folks,
In Chrome 148, releasing May 5, 2026, SCTs delivered to Chrome within a stapled OCSP response will not count towards the SCTs necessary for satisfying Chrome's CT policy. As with all CT enforcement in Chrome, this applies only to certificates that chain to roots included by default in Chrome's root store.
For the past several years, usage of SCTs delivered via OCSP has remained exceptionally low, recently accounting for significantly less than one in ten million TLS handshakes. Two years ago, the CA/B Forum made support for OCSP among CAs optional, and we expect support for OCSP to only diminish further with time.
As usage of SCTs delivered via OCSP is so low, we expect the impact of this change to be minimal. If you are relying on SCTs delivered via OCSP, you must transition to certificates with SCTs embedded or provide SCTs via the TLS handshake by May to ensure your certificates continue to validate in Chrome.
Questions welcome,
Joe, on behalf of the Chrome CT team
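
Added example, not part of the original announcement and not Chrome's code: a sketch for operators who want to see which delivery channel their SCTs arrive on. It parses the RFC 6962 SignedCertificateTimestampList structure and tallies SCTs per channel, leaving stapled-OCSP SCTs out of the counted total. The channel names, helper functions and sample bytes are constructed for illustration, and it does not verify signatures or evaluate the rest of Chrome's CT policy.

```python
import struct

# Assumed channel names; per the announcement, stapled-OCSP SCTs stop counting.
COUNTED_CHANNELS = {"embedded", "tls_extension"}

def parse_sct(item: bytes) -> dict:
    """Parse one v1 SCT: version, log_id, timestamp, extensions, signature."""
    if len(item) < 43:
        raise ValueError("truncated SCT")
    version, log_id, ts_ms, ext_len = struct.unpack_from(">B32sQH", item, 0)
    if version != 0:
        raise ValueError("not a v1 SCT")
    off = 43 + ext_len
    if len(item) < off + 4:
        raise ValueError("truncated signature header")
    hash_alg, sig_alg, sig_len = struct.unpack_from(">BBH", item, off)
    if off + 4 + sig_len != len(item):
        raise ValueError("signature length mismatch")
    return {"log_id": log_id.hex(), "timestamp_ms": ts_ms, "sig_alg": (hash_alg, sig_alg)}

def parse_sct_list(data: bytes) -> list:
    """Parse an RFC 6962 SignedCertificateTimestampList (2-byte length prefixes)."""
    if len(data) < 2 or struct.unpack_from(">H", data)[0] != len(data) - 2:
        raise ValueError("bad list length")
    scts, pos = [], 2
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated SCT length")
        (n,) = struct.unpack_from(">H", data, pos)
        if pos + 2 + n > len(data):
            raise ValueError("SCT overruns list")
        scts.append(parse_sct(data[pos + 2:pos + 2 + n]))
        pos += 2 + n
    return scts

def scts_by_channel(channels: dict) -> dict:
    """Count SCTs per channel and the total from channels that still count."""
    per = {name: len(parse_sct_list(blob)) if blob else 0 for name, blob in channels.items()}
    return {"per_channel": per, "counted": sum(n for c, n in per.items() if c in COUNTED_CHANNELS)}

def make_list(*log_bytes: int) -> bytes:
    """Build a constructed SCT list with dummy log IDs and signatures."""
    tail = struct.pack(">BBH", 4, 3, 8) + b"\x00" * 8
    items = [struct.pack(">B32sQH", 0, bytes([b]) * 32, 1700000000000, 0) + tail for b in log_bytes]
    payload = b"".join(struct.pack(">H", len(i)) + i for i in items)
    return struct.pack(">H", len(payload)) + payload

# Constructed sample: one embedded SCT, none in the TLS extension, two via OCSP.
SAMPLE = {"embedded": make_list(0xAA), "tls_extension": b"",
          "ocsp": make_list(0xBB, 0xCC)}
```

For the sample, `scts_by_channel(SAMPLE)` reports two SCTs on the OCSP channel but a counted total of one, which is the situation a site relying on OCSP-delivered SCTs would need to fix before the change.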