Anders Rundgren wrote: > I want people to finally realize that signed and encrypted e-mail has a > much more limited scope than originally envisioned and there is > no policy or technical solution that can change that. Due to the > limited scope of S/MIME the problems associated with CAs do > not really exist. The only "public" CAs of genuine interest are the > ones producing SSL certificates.
That's certainly true for Firefox, which doesn't do S/MIME. But those potential CA problems are indeed of concern to Thunderbird and SeaMonkey, which DO S/MIME. > I don't think for example that > the Korean government will ever use S/MIME with their citizens. We could ensure that we don't rely on KISA based certs for S/MIME by not extending S/MIME trust to that root. In bug 335197, KISA has requested all the forms of trust that we offer. So, if someone wishes to suggest that the KISA roots NOT be given trust for S/MIME (and/or code signing) now is the time to start that discussion. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
