3
edits
Changes
Added TLS/SSL Cert Store discussion
Figure 1: http://www.flickr.com/photos/34337875@N02/3194799979/
Figure 2: http://www.flickr.com/photos/34337875@N02/3195722740/
== Use OS TLS/SSL Certificate Store instead of local store ==
Thunderbird (and Firefox) should use the Operating System's SSL Certificate repository instead of a local store. There is no reason to store the same information twice and integration with the OS makes system administration much easier.
For example, a sysadmin should be able to distribute a self-signed CA cert to all the hosts she manages and not worry about Thunderbird having the cert or not.
For Linux look in (the path should be configurable) by default:
debian/ubuntu: /etc/ssl/certs/
redhat/centos: /usr/share/ssl/certs/
(see what other big distros use)
At the very least, if a local store isn't going away, there should be an unattended way of adding a cert such that all Thundebird users on a host have the cert installed.