Kathleen Wilson <[email protected]> wrote:
> Arguments for removing the Email trust bit:
> - Mozilla's policies regarding Email certificates are not currently
> sufficient.
> - What else?

* It isn't clear that S/MIME using certificates from publicly-trusted CAs is a model of email security that is worth supporting. Alternatives with different models exist, such as GPG and TextSecure. IMO, the TextSecure model is more in line with what Mozilla is about than the S/MIME model.
* It is better to spend energy improving TLS-related work than S/MIME-related stuff. The S/MIME stuff distracts too much from the TLS work.
* We can simplify the policy and tighten up the policy language more if the policy only has to deal with TLS certificates.
* Mozilla's S/MIME processing isn't well supported. Large parts of it are out of date and the people who maintain the certificate validation logic aren't required to keep S/MIME stuff working. In particular, it is OK according to current development policies for us to change Gecko's certificate validation logic so that it works for SSL but doesn't (completely) work for S/MIME. So, basically, Mozilla doesn't implement software that can properly use S/MIME certificates, as far as we know.

Just to make sure people understand the last point: I think it is great that people try to maintain Thunderbird. But, it was a huge burden on Gecko developers to maintain Thunderbird on top of maintaining Firefox, and some of us (including me, when I worked at Mozilla) lobbied for a policy change that let us do our work without consideration for Thunderbird. Thus, when we completely replaced the certificate verification logic in Gecko last year, we didn't check how it affected Thunderbird's S/MIME processing. Somebody from the Thunderbird maintenance team was supposed to do so, but I doubt anybody actually did. So, it would be prudent to assume that Thunderbird's S/MIME certificate validation is broken.

Cheers,
Brian
--
https://briansmith.org/
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

