Comment 141 for bug 232340

In , Phr-mozilla (phr-mozilla) wrote :

I think it comes down to: MF is probably open to more trouble if it ships a root that MS doesn't ship, than if it only ships roots that are also in IE. If there's going to be a race to the bottom in root acceptance laxness, let Microsoft lead it.

As for FreeSSL, yeah, I wish they'd tighten up their procedures, but they do get a voice exemplar from the phone call, plus a traceable financial transaction through the credit card payment.

The AICPA audit apparently includes a number of procedural and physical security checks, which I expect them to be good at doing if they do it to banking operations.

I just don't sympathize that much with the desire to put semi-home-made CA roots into the default browser distro with no serious auditing. It's like asking drugstore chains to sell cough syrup that was made in somebody's bathtub with no FDA approval. If there's something one can point to as "best practices", I'd rather follow that. It's certainly a way of putting the heat somewhere else.