m.d.s.policy proposal to remove S/MIME support from Mozilla root certificates

Wayne Mery (Thunderbird QA) vseerror at lehigh.edu
Wed Sep 23 14:58:30 UTC 2015

cc: jcranmer

On 9/23/2015 9:17 AM, Gervase Markham wrote:
> On 22/09/15 18:55, R Kent James wrote:
>> The following discussion was initiated yesterday in the m.d.s.policy
>> discussion group. As I understand it, if implemented this policy would
>> effectively render S/MIME security unusable in Thunderbird unless we
>> maintained our own formal program to validate and install root
>> certificates for S/MIME security within Thunderbird.
>> Brian Smith is advocating strongly to remove this support.
> Are we certain S/MIME is still fully functional in Thunderbird? Brian
> expressed some doubts about that.

I'd be surprised if the example bug bsmith gave indicates s/mime is 
sorely broken - I couldn't reproduce with the user's STR.  But likely 
standard8, mkmellin and jcranmer could best address the functionality 

> He also raised the issue that the code seems not to be actively
> maintained, citing a security bug which had gone unfixed and untriaged.

"Here is a good example to show that the security of Thunderbird's 
S/MIME handling is not properly managed:

I doubt that bug is representative of the general state of s/mime 
issues, and he doesn't cite other bugs.  Though I fail to see how citing 
a few bugs is relevant to the idea that s/mime should be ripped out.

I personally don't regularly seek and triage such issues - I just such 
bugs when they are brought to my attention or I come across them - 
because this is not an area of expertise for me.

Magnus, you frequently look for such bugs, correct?
And who else regularly looks for these bugs?

> If the TB community is going to respond to him, it might be good to pick
> up on these two points.

More generally regarding security ....

There are people in moco who bring important issues to our attention - 
so these types of issues are not getting ignored.  But I've generally 
been concerned that we don't have an individual (or team) in charge of 
security.  So I'm sure we can do better, and need to. Someone who 
organizes, coordinates with moco, and ensures that everything in 
Thunderbird and in BMO is in good order - otherwise we get security 
surprises and undesirable holes. Right now, I'd say the de facto owner 
is "thunderbird drivers" - i.e. no one is really in charge.

Since yesterday I've started looking into the general state of the bugs. 
I'm happy to help, but it's too much for one person.

> Gerv
> _______________________________________________
> tb-planning mailing list
> tb-planning at mozilla.org
> https://mail.mozilla.org/listinfo/tb-planning
