Comment 83 for bug 232340

In , David-rossde (david-rossde) wrote :

Please re-read not only the policy at
<http://www.hecker.org/mozilla/ca-certificate-policy/>, but also the meta-policy
at <http://www.hecker.org/mozilla/ca-certificate-metapolicy/> and the FAQ at
<http://www.hecker.org/mozilla/ca-certificate-faq/> (all proposed). Also, read
the discussion of these at
<news://news.mozilla.org/netscape.public.mozilla.crypto>, especially the thread
with the subject "New draft of CA certificate policy". A WebTrust audit will
not be the only way a root certificate gets added to the Mozilla database.

Alternative third-party reviews and "attestations" are provided in the policy.
This is a result of lengthy discussions in which the cost of a WebTrust audit
was deemed an unacceptable barrier against legitimate, low-cost certificate
authorities. In particular, CAcert is a non-profit that issues its certificates
for free, depending on donations (including membership dues, which do NOT
purchase certificates) for its funding.

Let's see if the policy can work (if it's officially adopted by the Mozilla
Foundation). Further general discussion of the proposed policy really belongs
in bug #233453 or (better) in the netscape.public.mozilla.crypto newsgroup.