Please re-read not only the policy at
<http://www.hecker.org/mozilla/ca-certificate-policy/>, but also the meta-policy
at <http://www.hecker.org/mozilla/ca-certificate-metapolicy/> and the FAQ at
<http://www.hecker.org/mozilla/ca-certificate-faq/> (all proposed). Also, read
the discussion of these at
<news://news.mozilla.org/netscape.public.mozilla.crypto>, especially the thread
with the subject "New draft of CA certificate policy". A WebTrust audit will
not be the only way a root certificate gets added to the Mozilla database.
Alternative third-party reviews and "attestations" are provided in the policy.
This is a result of lengthy discussions in which the cost of a WebTrust audit
was deemed an unacceptable barrier against legitimate, low-cost certificate
authorities. In particular, CAcert is a non-profit that issues its certificates
for free, depending on donations (including membership dues, which do NOT
purchase certificates) for its funding.
Let's see if the policy can work (if it's officially adopted by the Mozilla
Foundation). Further general discussion of the proposed policy really belongs
in bug #233453 or (better) in the netscape.public.mozilla.crypto newsgroup.