* '''December 31, 2013''' – Soon after this date, Mozilla will disable the SSL and Code Signing trust bits for root certificates with RSA key sizes smaller than 2048 bits. If those root certificates are no longer needed for S/MIME, then Mozilla will remove them from NSS.
** TEST: You can test the behavior of changing the root certificate trust bit settings, as described here: https://wiki.mozilla.org/CA:UserCertDB#Changing_Root_Certificate_Trust_Bit_Settings