I do not think that the Mozilla Foundation can charge enough for CA cert inclusion to make it worthwhile.
I'd agree - there is an added problem: If you do charge money, then you are entering into a position of implied contract of some form or other. In which case, if there is any dispute, you are in some sense contracted. (What for, is not the issue right now.)
OTOH, if MF has charged no money, any contracted promise or liability is quite weak. If there is no "consideration" then there is no contract (this is a simplification, ask your legal people for details).
The end result is that it is much safer for MF in any future disputes if no money changed hands. Opera of course in contrast will have the issue that it has some responsibility (to be shown).
Standard dislaimer - IANAL, pay your own.
CA cert inclusion should be based on an impartial standard -- such as WebTrust. To do anything else would undermine the high standards of Mozilla.
I of course agree on the impartial and high standards issue, and would suggest that the users are the highest and most critical of any standards bodies.
They are also free, ever present, and have their incentives aligned to the mission.
iang _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
