On 22/09/15 05:07, Kathleen Wilson wrote: > First, we need to determine if the Email trust bit should remain part of > Mozilla's CA Certificate Policy.
One perhaps somewhat relevant piece of information in this discussion is whether anyone is using S/MIME. After all, if no-one is using it, maintaining the infrastructure looks less attractive. (I realise there are other components to this discussion, such as specifically how used is S/MIME in those email clients which use our store.) A major CA was kind enough to share their numbers with me. They said: "We issued 275,000 client/smime certificates in the last year as soft certificates – i.e. not on smart-cards/tokens. Of those: 265,000 are usable as S/MIME certificates. 10,000 didn’t have an email address in the subject and so could not have been used for S/MIME. 13,000 included both email and identity information from an enterprise scenario. A few hundred were non-enterprise certificates which included both email and identity information." Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
