Joshua Cranmer 🐧 <[email protected]> wrote: > Kathleen Wilson wrote: > >> Large parts of it are >>> out of date and the people who maintain the certificate validation logic >>> aren't required to keeping S/MIME stuff working. In particular, it is OK >>> according to current development policies for us to change Gecko's >>> certificate validation logic so that it works for SSL but doesn't >>> (completely) work for S/MIME. So, basically, Mozilla doesn't implement >>> software that can properly use S/MIME certificates, as far as we know. >>> >>> >> Is this true? Can some at Mozilla confirm or deny this statement about >> current development policies? >> > > Last I checked, Thunderbird is a product whose trademark is owned by > Mozilla, whose infrastructure is paid for by Mozilla, and whose developers > are Mozilla community members. And it is still a product with active > development. > > So saying that Mozilla doesn't have any software that uses S/MIME is a lie.
Literally nobody said that. I said "Mozilla doesn't implement software that can properly use S/MIME certificates, we far as we know." The key word is *properly*. I cited two pieces of evidence in support of that. Also, Joshua, I wish that the situation with Thunderbird was the opposite of what it is. But, it is what it is and we have to acknowledge that. Cheers, Brian -- https://briansmith.org/ _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
