While I realize the current topic is concerning TLS, I find it rather surprising that Mozilla Policy does not mandate PoP for S/MIME certificate issuance. Lack of checking for S/MIME would present more concrete security concerns, so perhaps this should be addressed in a future update to the Policy.
Thanks, Corey _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy