Phasing out Legacy S/MIME Certificates

[Ben Wilson]

All,

The Mozilla Root Store Policy incorporates the CA/B Forum's S/MIME Baseline Requirements (BRs). The initial adoption of S/MIME BRs included a commitment to eliminate the Legacy Generation Certificate Profile for those S/MIME certificates issued under Publicly-Trusted CAs. This post is just to alert you that the S/MIME Certificate Working Group will phase out the Legacy certificate profile, as of June 15, 2025. See Draft Ballot SMC-008. One change will be to reduce the maximum validity period for S/MIME certificates from 1185 days to 825 days. (The S/MIME BRs have a Multipurpose Generation certificate profile that may serve most needs when the Legacy certificate profile is gone.)

Are there any questions, comments, or concerns before this goes to ballot in the next few weeks?

Thanks,

Ben