S/MIME signature / certificate validation

  • 2 replies
  • 0 have this problem
  • Last reply by Marcin


Dear Support Team,

I'd like to understand the design of S/MIME signature / certificate validation in Thunderbird. Let's assume the scenario that a message with a valid signature has been received but the certificate expires very soon (next couple of days).

In my opinion, the behaviour of Thunderbird might be a bit misleading. As enclosed, the S/MIME information says that the certificate is untrusted, which is not really accurate. The certificate was trusted when the message was received but has now expired.

I assume that Thunderbird validates the certificate only against the current date. But we have the message's original date in the headers. The validation process could be configurable, like in popular PDF readers (which date to use for validation), or even better, it could execute 2 validations in case the current-date validation has not been successful, and the S/MIME information could cover this scenario, where the signature was valid while the message was created / received but the certificate has expired. It would definitely reflect the real scenario in a more accurate manner.

I'd appreciate it if you could let me know if there is a configuration possibility which I'm not aware of. In case it is not available, can you please advise how I could submit a proposal for a functionality enhancement? In case there are rules coming from RFC standards restricting the validation of the signature in the way that has been described, I'd also appreciate this feedback.

In spite of the above remarks, I think that you did a very good job with the S/MIME functionality in Thunderbird. It is far more user friendly and better presented to the user than in other email clients.


Best regards, Marcin

Attached screenshots

All Replies (2)

"As enclosed, S/MIME information says that certificate is untrusted, which is not really accurate."

This has got nothing to do with cert validity. Thunderbird is verifying the entire certificate chain. If that fails you get the 'untrusted certificate' error. It does fail because you either didn't import an intermediate and/or root CA cert, or a cert you imported is not trusted for email.

That is the whole point of my support request, that the information presented to the user is not accurate :) This example is based on my own S/MIME certificate, whose validation path ends up in a trusted root certificate (a commercial one).

If I open a message which I sent a year ago, it shows the information I have enclosed. At the time of message creation, the signature validation information was positive. Now it says that the certificate is not trusted, which is misleading (the certificate just expired).

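The two-pass check proposed in the question, sketched as an added example; it is not part of the thread and does not show how Thunderbird validates. It keeps "untrusted root" and "expired" as separate findings, the two conditions the posts above disagree about, and only falls back to the message's `Date` header when expiry is the sole failure. `Cert`, `utc`, `chain_problems`, `classify` and all sample values are hypothetical and constructed; signature verification and revocation are out of scope.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

@dataclass(frozen=True)
class Cert:  # hypothetical stand-in for a parsed X.509 certificate
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime

def utc(y, m=1, d=1):
    return datetime(y, m, d, tzinfo=timezone.utc)

def chain_problems(chain, trusted_roots, at):
    """Reasons the chain (leaf first, root last) fails at reference time `at`."""
    problems = [f"broken link: {c.subject}"
                for c, parent in zip(chain, chain[1:]) if c.issuer != parent.subject]
    if chain[-1].subject not in trusted_roots:
        problems.append("untrusted root")
    for c in chain:
        if at < c.not_before:
            problems.append(f"not yet valid: {c.subject}")
        elif at > c.not_after:
            problems.append(f"expired: {c.subject}")
    return problems

def classify(raw_message, chain, trusted_roots, now):
    """Validate at `now`; if only expiry fails, re-check at the Date header."""
    current = chain_problems(chain, trusted_roots, now)
    if not current:
        return "valid", current
    date_header = message_from_string(raw_message)["Date"]
    if date_header and all(p.startswith("expired") for p in current):
        sent = parsedate_to_datetime(date_header)
        sent = sent if sent.tzinfo else sent.replace(tzinfo=timezone.utc)  # "-0000" zone
        # The Date header is set by the sender, so this is a hint, not proof.
        if not chain_problems(chain, trusted_roots, sent):
            return "expired-since-date-header", current
    return "invalid", current

# Constructed sample data (not taken from the thread).
CHAIN = [
    Cert("CN=alice@example.test", "CN=Example Issuing CA", utc(2022), utc(2023)),
    Cert("CN=Example Issuing CA", "CN=Example Root CA", utc(2020), utc(2030)),
    Cert("CN=Example Root CA", "CN=Example Root CA", utc(2015), utc(2035)),
]
ROOTS = {"CN=Example Root CA"}
MESSAGE = "Date: Mon, 14 Nov 2022 10:00:00 +0100\nSubject: signed\n\nbody\n"
```

`classify(MESSAGE, CHAIN, ROOTS, utc(2023, 6, 1))` reports the expired-but-valid-when-dated case, while the same call with an empty root set stays `invalid` because the trust failure is independent of the reference date.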
