Comment 14 for bug 28048

here is a summary of the policy in the works that we may use going forward.
frank can update on more details

Distributors can add or delete certs and modify trust bits on certs in the
default db. On a case-by-case basis, MF will decide whether such changes affect
distributor's right to use Mozilla trademarks. See the trademark policy [does
this exist yet? /be].

MF requires all CAs (a) be root CAs; (b) offer services to the general public;
(c) provide public info about CA and (d) its policies and procedures. MF may in
addition include root CAs that do not provide services to the general public
(e.g., for an intranet customer). MF won't distribute non-CA-certs (e.g.,
self-signed web server certs).

Any CA not in the list can mail <email address hidden> and apply to be
considered for addition, giving needed info: (a-d) above, plus various contact info.

MF won't charge for adding CAs, but welcomes donations.