IMHO,

1.   S/MIME version
It should clearly support S/MIME v3.  Thus it should have an interface for
the user to state the preference of choosing the appropriate certificates
being used for encryption and signing separately.

2.    CRL checking
a. CRL checking function should not be hidden - currently the CRL view/edit
button was not enabled until one managed to download a CRL successfully.
b. It may even have some built-in URL at which the CRL of the major CAs
can be downloaded.
c. To remind the user that CRL checking is needed, there should be a message -
something like certificate is validated without CRL checking - after the
normal certificate validation path is done.
d. May allow a scheduler to download designated CRLs on a regular basis.
e.  Allow CRL checking for both Server certificate (during SSL server
authentication process), CA certificate (during certification path
validation process), and Person certificate (during reading S/MIME
message).
f. And there was no documentation about the CRL checking mechanism.

3.   Obtain other people's certificate
a. Obtaining other people's certificate is based on email only.  It should
be integrated with the LDAP client that allows search of certificate based
on other attributes such as cn, and then imports to the cert.db directly.
b. Furthermore, if there is more than one certificate for the same email
address, only the latest issued certificates (by personal observation only)
were retrieved.
c. There should be a function to list out all the certificates, and allow
the user to select which certificate to be imported for use in S/MIME.

4.    Display message about the validation being done
It may help educate the user by displaying a validation message before
reading a secure message.  For example, IE/Outlook Express will display a
message telling the user about what has been validated, and what went wrong
in PLAIN language, before the user can read the message.  Mozilla may
include an option for sophisticated user to disable this display, and go
straight to reading the secure message.

5.    Export certificate in *.cer or *.der other than *.p12 file
Allow the export/import of certificate (personal, other people, and CA) in
*.cer or *.der file other than *.p12 file so that the user can transport
the certificate file in an out-of-band manner.

ENDS.

Bob Lord wrote:

> I'm beginning the process of writing up the Mozilla S/MIME PRD (Product
> Requirements Document).
>
> I need your help.
>
> While I'm getting the first draft ready, I'd like to get some input in
> these areas:
>
> 1. What aspects of S/MIME in Communicator 4.7 are confusing, hard to
> use, or deploy?  How might we improve them in this new version?
>
> 2. What aspects of S/MIME in Communicator 4.7 are worth keeping in this
> new version?  What did you especially like?
>
> 3. What have you seen in other S/MIME or secure email packages that you
> would like to see included in Mozilla's S/MIME?
>
> Please be as detailed as you can.
>
> I can't promise anything, but the more data points we have the more
> likely we'll be able to address the most important items first.
>
> -Bob
>
> --
> Bob Lord
> Director, Security Engineering
> Netscape Communications Corp.
> http://www.mozilla.org/projects/security/pki/

