Comment 80 for bug 232340

In , Duane-cacert (duane-cacert) wrote :

(In reply to comment #79)

> Some here have called for CAcert's cert to ship in a disabled fashion

I don't think this would help us at all; in fact, it could be seen as if the
Mozilla Foundation has included it already because it doesn't trust us, which
will give the wrong impression. I don't know about you guys, but we're trying to
cut down on end user support, not increase it, which is all I can see this causing.

> Also, I filed bug 276827 for removal of the one-click root-cert install to
> help with phishing/MIM attacks.

How exactly does this prevent MITM or phishing scams? Phishing scams usually don't
even have an SSL cert, and MITM attacks are very hard to sustain unless you're a
government agency. What would prevent MITM attacks or increase awareness that it
had occurred would be a database of fingerprints in the browser, and if the
fingerprint changed then the browser would warn the user about it.
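
The fingerprint database proposed in the comment above, sketched as an added example that is not part of the original comment or of any browser's code. The names `FingerprintStore`, `check` and `accept_change` are hypothetical, and the certificate bytes are constructed stand-ins for DER-encoded certificates.

```python
import hashlib
import hmac

FIRST_SEEN, MATCH, CHANGED = "first-seen", "match", "changed"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


class FingerprintStore:
    """Trust-on-first-use store: remember each site's fingerprint, flag changes."""

    def __init__(self):
        self._pins = {}  # (host, port) -> fingerprint hex

    @staticmethod
    def _key(host: str, port: int):
        # Normalise so "Example.ORG." and "example.org" share one entry.
        return (host.lower().rstrip("."), port)

    def check(self, host: str, port: int, der_cert: bytes) -> str:
        key, seen = self._key(host, port), fingerprint(der_cert)
        pinned = self._pins.get(key)
        if pinned is None:
            # First contact is unauthenticated: the pin only protects later visits.
            self._pins[key] = seen
            return FIRST_SEEN
        if hmac.compare_digest(pinned, seen):
            return MATCH
        # Keep the old pin; the caller warns the user. A legitimate renewal
        # or re-key lands here too, so the warning needs an accept path.
        return CHANGED

    def accept_change(self, host: str, port: int, der_cert: bytes) -> None:
        """Replace the pin after the user has verified the new certificate."""
        self._pins[self._key(host, port)] = fingerprint(der_cert)


def demo():
    # Constructed byte strings; a real client would pass the bytes returned by
    # ssl.SSLSocket.getpeercert(binary_form=True).
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    store = FingerprintStore()
    results = [store.check("example.org", 443, cert_a),
               store.check("Example.ORG.", 443, cert_a),
               store.check("example.org", 443, cert_b),
               store.check("example.org", 443, cert_a)]
    store.accept_change("example.org", 443, cert_b)
    results.append(store.check("example.org", 443, cert_b))
    return results
```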