|
These roots are trusted in the Mozilla program only for S/MIME, so should not be
included in ca-certificates, which most applications use to validate TLS
certificates.
Per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721976, the only MUAs that
depend on or suggest ca-certificates are Mutt and Sylpheed. Sylpheed doesn't use
ca-certificates for S/MIME. Mutt does, but I think it is still safe to remove
thes because:
(a) S/MIME is relatively uncommon, and
(b) The CAs that have both TLS and S/MIME bits will continue to work, and
(c) Nearly all of the 12 removed email-only CAs have ceased operation of their
email certificate services
Verisign Class 1 Public Primary Certification Authority - G3
Verisign Class 2 Public Primary Certification Authority - G3
UTN USERFirst Email Root CA
SwissSign Platinum CA - G2
AC Raiz Certicamara S.A.
TC TrustCenter Class 3 CA II
ComSign CA
S-TRUST Universal Root CA
Symantec Class 1 Public Primary Certification Authority - G6
Symantec Class 2 Public Primary Certification Authority - G6
Symantec Class 1 Public Primary Certification Authority - G4
Symantec Class 2 Public Primary Certification Authority - G4
|
