On Thu, Sep 10, 2015 at 1:20 PM, Kathleen Wilson <[email protected]>
wrote:

> Proposal for version 2.3 of Mozilla's CA Certificate Policy:
>
> Remove the code signing trust bit.
>
> If this proposal is accepted, then there would be follow-up action items
> that would need to happen after version 2.3 of the policy is published:
> 1) Remove any root certificates that do not have the Websites and/or Email
> trust bit set.
> 2) Remove references to Code Signing trust bits from Mozilla’s wiki pages.
>

FWIW, I think this is a great and long-overdue idea. Mozilla can't do
everything; it has to make trade-offs on what to spend its time on. And, it
makes much more sense to stop caring about code signing trust bits in NSS
to make time for solving more important issues that are more relevant to
Mozilla's mission.

Building a properly-run code signing certificate program would be a ton of
work that Mozilla simply has never done. I think some of the arguments in
this thread for keeping code signing in Mozilla's program aren't fully
informed on just how little Mozilla actually did with respect to code
signing CA trust.

The same argument applies to email. Nobody wants to admit that Thunderbird
is dead, it is uncomfortable to know that the S/MIME handling in
Thunderbird has been unmaintained for at least half a decade, and it's a
little embarrassing to admit that the model we use for deciding which CAs
get the SSL trust bit works even less well for S/MIME and that basically
nobody cares about the S/MIME or code signing bits. But that's all true.
It's my professional opinion that if you actually care about S/MIME
security then it would be a mistake to use Thunderbird. (Sorry, people
volunteering to keep Thunderbird going.)

Cheers,
Brian
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
