* '''December 31, 2013''' – Mozilla will disable the SSL and Code Signing trust bits for root certificates with RSA key sizes smaller than 2048 bits. If those root certificates are no longer needed for S/MIME, then Mozilla will remove them from NSS.
'''Note:''' NSS does not accept MD2 and MD4 as hash algorithms in certificate signatures.