m.d.s.policy proposal to remove S/MIME support from Mozilla root certificates

R Kent James kent at caspia.com
Tue Sep 22 17:55:45 UTC 2015


The following discussion was initiated yesterday in the m.d.s.policy 
discussion group. As I understand it, if implemented this policy would 
effectively render S/MIME security unusable in Thunderbird unless we 
maintained our own formal program to validate and install root 
certificates for S/MIME security within Thunderbird.

Brian Smith is advocating strongly to remove this support.

I'll give some response there, but I'm not that familiar with the issues 
involved. Probably not best to flame m.d.s.policy with complaints, but 
could we understand the issues here to give a thoughtful response?

:rkent


-------- Forwarded Message --------
Subject: Policy Update Proposal -- Specify audit criteria according to 
trust bit
Date: Mon, 21 Sep 2015 19:07:07 -0700
From: Kathleen Wilson <kwilson at mozilla.com>
To: mozilla-dev-security-policy at lists.mozilla.org
Newsgroups: mozilla.dev.security.policy

In https://wiki.mozilla.org/CA:CertificatePolicyV2.3

The proposal is:

(D27) Clarify which audit criteria are required depending on which trust
bits are set. In particular, root certs with only the S/MIME trust bit
set will have different audit criteria requirements than root certs with
the Websites trust bit set.

First, we need to determine if the Email trust bit should remain part of
Mozilla's CA Certificate Policy.

As background, when a CA requests the Email trust bit, I verify the
information listed in #4 of
https://wiki.mozilla.org/CA:Information_checklist#Verification_Policies_and_Practices


As we did with the discussion about the code signing trust bit, let's
list the arguments for and against removing references to the Email
trust bit from Mozilla's CA Certificate Policy.

Arguments against removing the Email trust bit:
- Users receiving email encrypted with an S/MIME certificate currently
do not have to manually trust the certificate if it already chains to a
root in a public root store.
- There are known organizations depending on root certificates in the
NSS root store for S/MIME.
- There is support for bolstering the policies and audit requirements
for the Email trust bit.
- What else?


Arguments for removing the Email trust bit:
- Mozilla's policies regarding Email certificates are not currently
sufficient.
- What else?


As always, I will appreciate your thoughtful and constructive input into
this discussion.

Thanks,
Kathleen





