Comment 203 for bug 232340

You say that both sides agree.

Has CACert indicated that they aren't seeking approval at the moment. The previous post was by an auditor independant of CACert.

Also - should CAs be required to seek approval - is there a problem with users requesting that CAs be added if the CA does not seek this approval? Shouldn't users of CACert and mozilla products be able to request the approval of the root cert?

I haven't seen any concerns raised with how CACert issues certs or verifies identity, but just general issues regarding their ownership structure and whether they have been audited. If mozilla were held to the same standards during the early days it probably would have never taken off. It just seems like as an organization we should be trying to foster open source projects. If CACert can't meet mozilla's requirements, perhaps mozilla ought to help them out a bit, or start a free certificate authority of their own?