m.d.s.policy proposal to remove S/MIME support from Mozilla root certificates
R Kent James
kent at caspia.com
Tue Sep 22 17:55:45 UTC 2015
The following discussion was initiated yesterday in the m.d.s.policy
discussion group. As I understand it, if implemented this policy would
effectively render S/MIME security unusable in Thunderbird unless we
maintained our own formal program to validate and install root
certificates for S/MIME security within Thunderbird.
Brian Smith is advocating strongly to remove this support.
I'll give some response there, but I'm not that familiar with the issues
involved. Probably not best to flame m.d.s.policy with complaints, but
could we understand the issues here to give a thoughtful response?
-------- Forwarded Message --------
Subject: Policy Update Proposal -- Specify audit criteria according to
Date: Mon, 21 Sep 2015 19:07:07 -0700
From: Kathleen Wilson <kwilson at mozilla.com>
To: mozilla-dev-security-policy at lists.mozilla.org
The proposal is:
(D27) Clarify which audit criteria are required depending on which trust
bits are set. In particular, root certs with only the S/MIME trust bit
set will have different audit criteria requirements than root certs with
the Websites trust bit set.
First, we need to determine if the Email trust bit should remain part of
Mozilla's CA Certificate Policy.
As background, when a CA requests the Email trust bit, I verify the
information listed in #4 of
As we did with the discussion about the code signing trust bit, let's
list the arguments for and against removing references to the Email
trust bit from Mozilla's CA Certificate Policy.
Arguments against removing the Email trust bit:
- Users receiving email encrypted with an S/MIME certificate currently
do not have to manually trust the certificate if it already chains to a
root in a public root store.
- There are known organizations depending on root certificates in the
NSS root store for S/MIME.
- There is support for bolstering the policies and audit requirements
for the Email trust bit.
- What else?
Arguments for removing the Email trust bit:
- Mozilla's policies regarding Email certificates are not currently
- What else?
As always, I will appreciate your thoughtful and constructive input into
More information about the tb-planning