On 9/22/2015 11:41 AM, Kathleen Wilson wrote:
Large parts of it are
out of date and the people who maintain the certificate validation logic
aren't required to keeping S/MIME stuff working. In particular, it is OK
according to current development policies for us to change Gecko's
certificate validation logic so that it works for SSL but doesn't
(completely) work for S/MIME. So, basically, Mozilla doesn't implement
software that can properly use S/MIME certificates, as far as we know.
Is this true? Can some at Mozilla confirm or deny this statement about
current development policies?
Last I checked, Thunderbird is a product whose trademark is owned by
Mozilla, whose infrastructure is paid for by Mozilla, and whose
developers are Mozilla community members. And it is still a product with
active development.
So saying that Mozilla doesn't have any software that uses S/MIME is a
lie. The Mozilla Corporation does not have any paid developers on
Thunderbird, but Mozilla is not limited to the Corporation, the last I knew.
--
Joshua Cranmer
Thunderbird and DXR developer
Source code archæologist
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
