Sorry I don't check this list regularly. Hope it's not too late.
Bob Lord wrote:
> I'm beginning the process of writing up the Mozilla S/MIME PRD (Product
> Requirements Document).
>
> I need your help.
>
> While I'm getting the first draft ready, I'd like to get some input in
> these areas:
>
> 1. What aspects of S/MIME in Communicator 4.7 are confusing, hard to
> use, or deploy? How might we improve them in this new version?
Corrupted cert7.db/key3.db files are really annoying. Either a
bullet-proof, resilient set of .db files or a user-friendly recovery
mechanism. (Also see comment under #3 about common database.)
Large CRLs
If CRL has expired, can't get a new one because SSL session won't
validate--need to delete old one. Suggest allowing reading mail and other
actions but with warning
Inability to pick out one of several certificates in a directory
multi-valued attribute
With PSM, inability to request certificates for all recipients from a
directory at one time (Works in vanilla 4.7).
More info about a certificate should look like PrettyPrint
Current requirement for email address in certificate
>
>
> 2. What aspects of S/MIME in Communicator 4.7 are worth keeping in this
> new version? What did you especially like?
>
> 3. What have you seen in other S/MIME or secure email packages that you
> would like to see included in Mozilla's S/MIME?
I would like a configurable choice to store messages encrypted or decrypted
after reading them
I would like a utility to convert stored encrypted messages from an old
encryption key to a new encryption key
I would like to be able to configure automatic retrieval of CRLs. Ability
to configure retrieval period or use of nextUpdate
When I have multiple DS/NR certs, I would like a configuration that either
selects one or allows me to choose "ask every time"
I would like a configurable option to store keys/certificates in a common
database for the platform, e.g. MS CAPI on Windows instead of in the
key3.db and cert7.db files. (I realize this is heresey.)
>
>
> Please be as detailed as you can.
>
> I can't promise anything, but the more data points we have the more
> likely we'll be able to address the most important items first.
>
> -Bob
>
> --
> Bob Lord
> Director, Security Engineering
> Netscape Communications Corp.
> http://www.mozilla.org/projects/security/pki/
