> I don't think it's that much of a stretch to consider the implications
> if CAcert.org's private key were to get out. It's publicly known that
> CAcert.org has had times in its history where the security of its root
> cannot be verified. They are working to correct these problems by
> moving to a new secure datacenter to house the private key(s) and the
> CA root itself, but until they get to a point where they are 100% sure
> that their root is secure and their private key(s) haven't been
> compromised at any time, CAcert.org should not be added to the CA root
> repository.

Forgive me as I am puzzled. From a user's perspective, I had assumed a
user who doesn't trust a certificate would be able to delete it from the
browser's collection?

--
In Liberty
Koh Choon Lin
--
http://gnuzilla.gnu.org