On 17/09/15 12:19, Rob Stradling wrote: > On 15/09/15 10:17, Gervase Markham wrote: >> On 11/09/15 22:06, Rob Stradling wrote: >>> On 11/09/15 13:05, Gervase Markham wrote: >>>> On 08/09/15 10:54, Rob Stradling wrote: >>>>> Assuming this is still Mozilla's plan, please would you clarify which >>>>> versions of Firefox and Thunderbird will be (or were?) the first >>>>> versions that won't accept "normal CA-issued object-signing certificates" >>>>> ? >>>> >>>> Extension signing was historically very rare, so I'm not sure what our >>>> new signing system would do when faced with an extension which is >>>> already signed. (Is that what you are asking?) >>> >>> Yes, that's what I'm asking. >> >> I would ask Jorge Villalobos, perhaps in the group >> mozilla.addons.user-experience: >> https://www.mozilla.org/en-US/about/forums/#addons-user-experience > > Thanks Gerv. > > I've posted a comment (currently awaiting moderation) here: > https://blog.mozilla.org/addons/2015/09/16/extending-the-deadline-for-add-on-signing/ > > (Not sure I can face joining Yet Another Newsgroup!)
Gerv, Kathleen, Jorge replied [1]: "The new signing system removes the existing signature, since there can only be one. For the moment this should only affect Firefox. There are no current plans to require signatures on Thunderbird." So it's clear that, for Firefox, code signing certificates from commercial CAs will cease to be useful once the new extension signing requirement comes into effect. But since there are no current plans to change Thunderbird... Does this mean that Thunderbird still has a use for code signing certificates from commercial CAs and, consequently, the NSS code signing trust bit? [1] https://blog.mozilla.org/addons/2015/09/16/extending-the-deadline-for-add-on-signing/comment-page-1/#comment-219722 -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
