On Fri, Oct 2, 2015 at 7:41 AM, Joshua Cranmer 🐧 <[email protected]> wrote:
> On 10/2/2015 11:36 AM, Brian Smith wrote: > >> First of all, there is a widely-trusted set of email roots: Microsoft's. >> Secondly, there's no indication that having a widely-trusted set of email >> roots *even makes sense*. Nobody has shown any credible evidence that it >> even makes sense to use publicly-trusted CAs for S/MIME. History has shown >> that almost nobody wants to use publicly-trusted CAs for S/MIME, or even >> S/MIME at all. >> > > There is demonstrably more use of S/MIME than PGP. So, by extension of > your argument, almost nobody wants to use secure email, and there is > therefore no point in supporting them. I think it is fair to say the empirical evidence does support the claim that the vast majority of people don't want to, or can't, use S/MIME or GPG as it exists today. I do think that almost everybody does want secure email, though, if we can find a way to give it to them that they can actually use. > I do realize that I'm using strong language, but this does feel to me to > be part of a campaign to intentionally sabotage Thunderbird development > simply because it's not Firefox It is much simpler than that: I don't want the S/MIME-related stuff to keep getting in the way of the SSL-related stuff in Mozilla's CA inclusion policy. People argue that the S/MIME stuff must keep being in the way of the SSL-related stuff because of Thunderbird and other NSS-related projects. I just want to point out that the "dereliction of duty," as you put it, in the maintenance of that software seems to make that argument dubious, at best. Cheers, Brian -- https://briansmith.org/ _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
