On 9/22/15 1:47 AM, Brian Smith wrote:
> Kathleen Wilson <[email protected]> wrote:
>> Arguments for removing the Email trust bit:
>> - Mozilla's policies regarding Email certificates are not currently
>> sufficient.
>> - What else?
>
> * It isn't clear that S/MIME using certificates from publicly-trusted CAs
> is a model of email security that is worth supporting. Alternatives with
> different models exist, such as GPG and TextSecure. IMO, the TextSecure
> model is more in line with what Mozilla is about than the S/MIME model.

It is my understanding that many people depend on this type of
certificate for proof of identity. So, perhaps "Email trust bit" is a
misnomer.

> * It is better to spend energy improving TLS-related work than
> S/MIME-related stuff. The S/MIME stuff distracts too much from the TLS work.

Please further explain whose energy this is referring to, and who is
getting distracted too much from the TLS work.

> * We can simplify the policy and tighten up the policy language more if the
> policy only has to deal with TLS certificates.

Another approach would be to separate the policy language that is
specific to the "Email trust bit" certs.

> * Mozilla's S/MIME processing isn't well supported.

Mozilla is not the only consumer of the NSS root store.

> Large parts of it are
> out of date and the people who maintain the certificate validation logic
> aren't required to keep S/MIME stuff working. In particular, it is OK
> according to current development policies for us to change Gecko's
> certificate validation logic so that it works for SSL but doesn't
> (completely) work for S/MIME. So, basically, Mozilla doesn't implement
> software that can properly use S/MIME certificates, as far as we know.

Is this true? Can someone at Mozilla confirm or deny this statement about
current development policies?

Thanks,
Kathleen