Comment 79 for bug 232340

Folks here may be interested in the candidate CA policy that's been posted:

 http://www.hecker.org/mozilla/ca-certificate-policy

Roughly, it farms out criteria for a CA to WebTrust. There may be some product
liability concerns around this.

Some here have called for CAcert's cert to ship in a disabled fashioned 'if only
there was a gui to enable it'. It's there, in Firefox anyway.
Prefs...Advanced...Certs..Manage Certs...Authorities...Edit.

Also, I filed bug 276827 for removal of the one-click root-cert install to help
with phishing/MIM attacks.