m.d.s.policy proposal to remove S/MIME support from Mozilla root certificates
Joshua Cranmer 🐧
pidgeot18 at gmail.com
Wed Sep 23 22:50:55 UTC 2015
On 9/23/2015 8:51 AM, Patrick Brunschwig wrote:
> On 23.09.15 15:17, Gervase Markham wrote:
>> On 22/09/15 18:55, R Kent James wrote:
>>> The following discussion was initiated yesterday in the m.d.s.policy
>>> discussion group. As I understand it, if implemented this policy would
>>> effectively render S/MIME security unusable in Thunderbird unless we
>>> maintained our own formal program to validate and install root
>>> certificates for S/MIME security within Thunderbird.
>>> Brian Smith is advocating strongly to remove this support.
>> Are we certain S/MIME is still fully functional in Thunderbird? Brian
>> expressed some doubts about that.
> AFAIK, RFC 3851 (S/MIME version 3.1) is fully functional. The new
> features of RFC 5757 (S/MIME version 3.2) are not supported.
That's not quite true. S/MIME 3.1 added triple-wrapping and header
encapsulation, which we don't exactly support in the way you would
normally expect it to mean (it turns out that doing absolutely nothing
means that they still sort of work on decode, and we do absolutely
nothing)--but then again, I have yet to find a client that actually
supports those features.
Thunderbird and DXR developer
Source code archæologist
More information about the tb-planning