Greetings,
I am writing to you as a reminder regarding future compliance of S/MIME certificates with the multi-purpose and strict profiles established by the CA/B Forum. As noted before, the Mozilla Root Store Policy incorporates the CA/B Forum's S/MIME Baseline Requirements (S/MIME BRs). The initial adoption of the S/MIME BRs included a commitment to eliminate the Legacy Generation Certificate Profile for those S/MIME certificates issued under Publicly-Trusted CAs. This post is just to alert you that the S/MIME Certificate Working Group will phase out the Legacy certificate profile as of July 15, 2025. Of note, the maximum validity period for S/MIME certificates will go from 1185 days to 825 days. Here is the proposed ballot for the phasing out of legacy S/MIME certificates: Draft Ballot SMC-008 <https://groups.google.com/a/groups.cabforum.org/g/smcwg-public/c/25fjG3FyiF0> . It is crucial to note that S/MIME certificates not complying with these profiles will be found non-compliant with Mozilla's policy. If you have not been paying close attention to these changes, I urge you to review them thoroughly to ensure future compliance. Thank you for your attention to this matter. Ben On Wednesday, June 5, 2024 at 9:54:19 AM UTC-6 Ben Wilson wrote: > All, > > The Mozilla Root Store Policy incorporates the CA/B Forum's S/MIME > Baseline Requirements > <https://cabforum.org/working-groups/smime/requirements/> (BRs). The > initial adoption of S/MIME BRs included a commitment to eliminate the Legacy > Generation Certificate Profile for those S/MIME certificates issued under > Publicly-Trusted CAs. This post is just to alert you that the S/MIME > Certificate Working Group will phase out the Legacy certificate profile, as > of June 15, 2025. See Draft Ballot SMC-008 > <https://github.com/srdavidson/smime/tree/Ballot-SMC08>. One change will > be to reduce the maximum validity period for S/MIME certificates from 1185 > days to 825 days. (The S/MIME BRs have a Multipurpose Generation > certificate profile that may serve most needs when the Legacy certificate > profile is gone.) > > Are there any questions, comments, or concerns before this goes to ballot > in the next few weeks? > > Thanks, > > Ben > > > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/7e958206-5394-40b5-a27b-dff9a5bf3e08n%40mozilla.org.
