m.d.s.policy proposal to remove S/MIME support from Mozilla root certificates

Patrick Brunschwig patrick at enigmail.net
Wed Sep 23 13:51:31 UTC 2015


On 23.09.15 15:17, Gervase Markham wrote:
> On 22/09/15 18:55, R Kent James wrote:
>> The following discussion was initiated yesterday in the m.d.s.policy
>> discussion group. As I understand it, if implemented this policy would
>> effectively render S/MIME security unusable in Thunderbird unless we
>> maintained our own formal program to validate and install root
>> certificates for S/MIME security within Thunderbird.
>>
>> Brian Smith is advocating strongly to remove this support.
> 
> Are we certain S/MIME is still fully functional in Thunderbird? Brian
> expressed some doubts about that.

AFAIK, RFC 3851 (S/MIME version 3.1) is fully functional. The new
features of RFC 5757 (S/MIME version 3.2) are not supported.

> He also raised the issue that the code seems not to be actively
> maintained, citing a security bug which had gone unfixed and untriaged.
> 
> If the TB community is going to respond to him, it might be good to pick
> up on these two points.

I would consider it a very bad decision to remove support for S/MIME. I
believe that S/MIME is more widely adopted than OpenPGP. Outlook, Apple
Mail and many more mail clients support S/MIME, and I fear we'd loose
*many* users by removing S/MIME from Thunderbird.

-Patrick



More information about the tb-planning mailing list