Greetings,
I am writing to you as a reminder regarding future compliance of S/MIME certificates with the multi-purpose and strict profiles established by the CA/B Forum. As noted before, the Mozilla Root Store Policy incorporates the CA/B Forum's S/MIME Baseline Requirements (S/MIME BRs). The initial adoption of the S/MIME BRs included a commitment to eliminate the Legacy Generation Certificate Profile for those S/MIME certificates issued under Publicly-Trusted CAs. This post is just to alert you that the S/MIME Certificate Working Group will phase out the Legacy certificate profile as of July 15, 2025. Of note, the maximum validity period for S/MIME certificates will go from 1185 days to 825 days.
Here is the proposed ballot for the phasing out of legacy S/MIME certificates: Draft Ballot SMC-008.
It is crucial to note that S/MIME certificates not complying with these profiles will be found non-compliant with Mozilla's policy. If you have not been paying close attention to these changes, I urge you to review them thoroughly to ensure future compliance.
Thank you for your attention to this matter.
Ben