On 14.03.2014 at 10:54, Klaus Ethgen <kl...@ethgen.ch> wrote:
> > In a nutshell, if you want CACert to be re-added you must prove
> > CACert and its infrastructure is trustworthy.
> > Something CACert has attempted but even their internal audits have failed.
>
> Well, CAcert is not more or less trustworthy than every other CA in the
> package. In fact, I would trust them much more than such suspect CAs as
> TURKTRUST or Verisign.

Those certificates packaged by and copied over from Mozilla do fulfil their policy, which can be found here:

http://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/

In the inclusion section you can find a lot of ways to get accepted by Mozilla, but CACert has failed to fulfil any of those. And to quote from their policy: "The burden is on the CA to prove that it has met the above requirements."

But who knows, with CACert's move from Australia to Germany we could see some more action behind the efforts for an audit.

Personally I don't have the CACert root certificate in my trusted certs folder; instead, for every website and service that uses a CACert certificate I check and accept that cert.

ciao, tom