Mozilla requirements are thought for companies. CAcert.org clearly doesn't have the money or the human resources (they are all volunteers!) to write the policies (legal texts), perform a deep audit, reimplement it's software to follow all those new policies, and do the procedures related to the DPA in matter of months as companies with a much lower security level but with dedicated HR and large budget can.
Mozilla requirements are thought for companies. CAcert.org clearly doesn't have the money or the human resources (they are all volunteers!) to write the policies (legal texts), perform a deep audit, reimplement it's software to follow all those new policies, and do the procedures related to the DPA in matter of months as companies with a much lower security level but with dedicated HR and large budget can.
http:// iang.org/ papers/ open_audit_ lisa.html wiki.cacert. org/wiki/ AuditToDo
http://