S/MIME has an important role in inter-organizational encrypted
communication. It's not perfect, but it works in many scenarios. There
are alternatives for sure, but they cover different aspects of encrypted
communication and are useful in different scenarios.
The Email trust bit is important because Thunderbird users rely on it
when using S/MIME. Without the Email trust bit, setting up certificates
would be much more difficult up to the point that enrollment workflows
become completely unusable.
The current discussion seems to revolve around two aspects:
1. Implementation details and the amount of work Mozilla (?) is willing
to invest in Thunderbird and its end-to-end encryption capabilities.
(Is a broken Thunderbird S/MIME implementation reason enough to remove
Email trust bits? Thats up to Mozilla I guess... .)
2. The maturity of Mozilla's CA Certificate Policy with regard to the
E-Mail trust bit.
=> Mozilla's CA Certificate Policy is basically doing what is
reasonable. There are no Baseline Requirements For Email Certificates,
so its a valid solution to refer to established audit standards and
enrich them with explicit requirements regarding e-mail adress verification.
=> I don't see a fundamental difference to SSL.
Regards,
Juergen
Kathleen Wilson schrieb:
On 9/21/15 7:07 PM, Kathleen Wilson wrote:
In https://wiki.mozilla.org/CA:CertificatePolicyV2.3
The proposal is:
(D27) Clarify which audit criteria are required depending on which trust
bits are set. In particular, root certs with only the S/MIME trust bit
set will have different audit criteria requirements than root certs with
the Websites trust bit set.
First, we need to determine if the Email trust bit should remain part of
Mozilla's CA Certificate Policy.
As background, when a CA requests the Email trust bit, I verify the
information listed in #4 of
https://wiki.mozilla.org/CA:Information_checklist#Verification_Policies_and_Practices
As we did with the discussion about the code signing trust bit, let's
list the arguments for and against removing references to the Email
trust bit from Mozilla's CA Certificate Policy.
Arguments against removing the Email trust bit:
- Users receiving email encrypted with an S/MIME certificate currently
do not have to manually trust the certificate if it already chains to a
root in a public root store.
- There are known organizations depending on root certificates in the
NSS root store for S/MIME.
- There is support for bolstering the policies and audit requirements
for the Email trust bit.
- What else?
Arguments for removing the Email trust bit:
- Mozilla's policies regarding Email certificates are not currently
sufficient.
- What else?
As always, I will appreciate your thoughtful and constructive input into
this discussion.
Thanks,
Kathleen
To be clear, IF this proposal to remove the Email trust bit from
Mozilla's CA Certificate Policy is approved, then it would follow that
the email trust bit would be turned off for root certificates in the NSS
root store.
So, I would very much like to hear from folks who depend on certificates
chaining up to roots with the Email trust bit enabled.
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
