To repeat: Per our current policy, CAs need to have independent evaluations/audits of their operation; this does *not* have to be an official WebTrust audit. (See the policy itself for the actual details.) CAcert has not yet had such an evaluation/audit, so it's not yet in a position where I can consider it for approval. (Note that StartCom made their original request over a year ago, and also had to wait until they got an evaluation/audit done.)
(Incidentally, I forgot to accept this bug as being officially assigned to me; I'm doing that now.)
(In reply to comment #132)
> This is *good* news for CACert.
In this regard please see my comment 115 above.
https:/ /bugzilla. mozilla. org/show_ bug.cgi? id=215243# c115
To repeat: Per our current policy, CAs need to have independent evaluations/audits of their operation; this does *not* have to be an official WebTrust audit. (See the policy itself for the actual details.) CAcert has not yet had such an evaluation/audit, so it's not yet in a position where I can consider it for approval. (Note that StartCom made their original request over a year ago, and also had to wait until they got an evaluation/audit done.)
(Incidentally, I forgot to accept this bug as being officially assigned to me; I'm doing that now.)