m.d.s.policy proposal to remove S/MIME support from Mozilla root certificates

Joshua Cranmer 🐧 pidgeot18 at gmail.com
Wed Sep 23 22:50:55 UTC 2015

On 9/23/2015 8:51 AM, Patrick Brunschwig wrote:
> On 23.09.15 15:17, Gervase Markham wrote:
>> On 22/09/15 18:55, R Kent James wrote:
>>> The following discussion was initiated yesterday in the m.d.s.policy
>>> discussion group. As I understand it, if implemented this policy would
>>> effectively render S/MIME security unusable in Thunderbird unless we
>>> maintained our own formal program to validate and install root
>>> certificates for S/MIME security within Thunderbird.
>>> Brian Smith is advocating strongly to remove this support.
>> Are we certain S/MIME is still fully functional in Thunderbird? Brian
>> expressed some doubts about that.
> AFAIK, RFC 3851 (S/MIME version 3.1) is fully functional. The new
> features of RFC 5757 (S/MIME version 3.2) are not supported.

That's not quite true. S/MIME 3.1 added triple-wrapping and header 
encapsulation, which we don't exactly support in the way you would 
normally expect it to mean (it turns out that doing absolutely nothing 
means that they still sort of work on decode, and we do absolutely 
nothing)--but then again, I have yet to find a client that actually 
supports those features.

Joshua Cranmer
Thunderbird and DXR developer
Source code archæologist

More information about the tb-planning mailing list