← GoDaddy cases
Bugzilla #1943135
Technical Compliance
Request to disable SMIME "trust bit" for GoDaddy CAs
RESOLVED
FIXED
GoDaddy
AI Summary
GoDaddy requested the removal of the SMIME and code signing trust bits for several of its root certificates in Mozilla's root store. The request was made because GoDaddy no longer issues code signing certificates and does not plan to support SMIME certificate issuance with these roots. Mozilla confirmed that the affected root certificates are not enabled for email issuance and are not trusted for code signing in NSS. The request was resolved with the change distributed in Nightly 139.0a1.
Chronology
- GoDaddy submits request to disable SMIME trust bit.
- Mozilla confirms the roots are not enabled for email issuance.
- Change confirmed to be distributed in Nightly.
Participants
Steven Deitte
Ben Wilson
Benoit Beurdouche
External References
Similar Local Cases
Turn off Secure Email Trust Bit for certSIGN ROOT CA G2 cert
Turn off Secure Email Trust Bit for certSIGN ROOT CA cert
DigiCert: SCEE / Justica: Non-BR-Compliant Certificate Issuance
GoDaddy: DV certificates with organizationalUnit field in subject
GoDaddy: inconsistent CP/CPS disclosure
GRCA: ALV failures on intermediate certificates
Entrust: CRLs and OCSP responses not issued as specified in the CPS
E-Tugra: Forbidden Domain Validation Method 3.2.2.4.6