Phasing out Legacy S/MIME Certificates

1,107 views
Skip to first unread message

Ben Wilson

unread,
Jun 5, 2024, 11:54:19 AMJun 5
to dev-secur...@mozilla.org
All,

The Mozilla Root Store Policy incorporates the CA/B Forum's S/MIME Baseline Requirements (BRs). The initial adoption of S/MIME BRs included a commitment to eliminate the Legacy Generation Certificate Profile for those S/MIME certificates issued under Publicly-Trusted CAs. This post is just to alert you that the S/MIME Certificate Working Group will phase out the Legacy certificate profile, as of June 15, 2025. See Draft Ballot SMC-008. One change will be to reduce the maximum validity period for S/MIME certificates from 1185 days to 825 days. (The S/MIME BRs have a Multipurpose Generation certificate profile that may serve most needs when the Legacy certificate profile is gone.)

Are there any questions, comments, or concerns before this goes to ballot in the next few weeks?

Thanks,

Ben


Ben Wilson

unread,
Jul 16, 2024, 10:55:05 AMJul 16
to dev-secur...@mozilla.org

Greetings,

I am writing to you as a reminder regarding future compliance of S/MIME certificates with the multi-purpose and strict profiles established by the CA/B Forum. As noted before, the Mozilla Root Store Policy incorporates the CA/B Forum's S/MIME Baseline Requirements (S/MIME BRs). The initial adoption of the S/MIME BRs included a commitment to eliminate the Legacy Generation Certificate Profile for those S/MIME certificates issued under Publicly-Trusted CAs. This post is just to alert you that the S/MIME Certificate Working Group will phase out the Legacy certificate profile as of July 15, 2025. Of note, the maximum validity period for S/MIME certificates will go from 1185 days to 825 days.

Here is the proposed ballot for the phasing out of legacy S/MIME certificates: Draft Ballot SMC-008.

It is crucial to note that S/MIME certificates not complying with these profiles will be found non-compliant with Mozilla's policy. If you have not been paying close attention to these changes, I urge you to review them thoroughly to ensure future compliance.

Thank you for your attention to this matter.

Ben
Reply all
Reply to author
Forward
0 new messages