Comment 81 for bug 232340

In , Bill+mozilla-bugzilla (bill+mozilla-bugzilla) wrote :

(In reply to comment #80)

> I don't think this would help us at all, in fact it could be seen as if Mozilla
> Foundation has included it already because it doesn't trust us which will give
> the wrong impression. I don't know about you guys but we're trying to cut down
> on end user support not increase it, which is all I can see this causing.

As I understand it, CAcert doesn't meet the WebTrust criteria (please correct me
if I'm wrong here) which is what MF is going to use to judge CAcert. Don't get
me wrong, I don't think WebTrust CAs are more secure than CAcert but that's
MF's position on it, or at least they don't want to be seen as making a
judgement on their own. I just think it's better to get the CAcert root cert
distributed, turned off by default, than not distributed at all. CAcert is a
new model and the MF may need some time to get used to it. If the policy is
finalized as-is and CAcert doesn't meet WebTrust criteria, it would be time to
lobby for a lesser standard for MF to distribute certs not turned on.

> How does this exactly prevent MITM or phishing scams?

Have a look at comment #66 from Kjetil Kjernsmo.